Reddit Posts
Are P2WSH addresses the most quantum-secure addresses?
Let's have one last discussion about quantum computers.
Brave brings privacy to Web3 with ECC and Filecoin partnership
Hacker Steals 24M from rETH Whale [NEW INFORMATION]
Should I share possible "new " math methods regarding online cryptography?
Can quantum computing trivialize cryptocurrency?
Zcash, the popular privacy-focused Blockchain, released a new version of its full node software on Thursday, according to a post by its creator Electronic Coin Company (ECC). The software version 5.5.0 introduces several bug fixes, a proportional fee mechanism, and lays the groundwork for ...
Maximalism in the computer era versus bitcoin maximalism. Any parallel possible?
Zcash to Proof of Stake? Approach, focus, and next steps - Electric Coin Company [ECC]
$4M Size ECC Launching Real-World Crypto Round-up app in the Next Few Months
Fox Inu / Stealth Launched 1h ago — The next 1000X Altcoin — Real Project with solid fundamentals and experienced team - Community Growing so fast!
Fox Inu $FInu Just Launched 30min ago!!! Airdrop: 50$ worth of token when we reach 50 members in our official telegram group !
Fox Inu $FInu Just Stealth Launched!!! | MemeUtility Token on the BSC Network! LP Locked, New opportunity for a Fox Parabolic Moon shot !
Saint Valentine | Stealth Launched!!|Locked Link Provided!|Simply hold Saint Valentine and get paid 10%!|Enter telegram and get in early! | | Auto staking rewards | Voice chat before launch | Amazing Team| Don't Miss This Gem!!|
Understanding ECC, the technology behind Litecoin's new privacy update: Minblewimble
Taking a look at Elliptic Curve Cryptography (ECC), the encryption process behind Litecoin's newfound privacy fortune
♑️Paragon Capital💎Micro MC 💎 Your Next Moonshot♑️
Empire Capital Token (ECC) – Defi 3.0 Layer of Yield Generating Protocols | True 1% Burn on Every Transaction | Incorporated Investment Firm | Hold ECC and Gain Exposure to Yield on All Chains
$ECC - Empire Capital Token - This is where my money is going! #1 on CMC today!
EmpireCapital (ECC) Fair Launched Yesterday - Low Market Cap - Strong Utility - Based Dev Team - Earn Yield By Holding
Confusion on Public Key Cryptography and digital signatures
100 Crypto Quotes - The Good, the Bold and the Ugly
Reward Switching Everyday $RSE 🔥| Doxxed dev Video and VC ✅ | 1 Day old Gem 💎 | ADA rewards for Today | Low Cap < 50 K Potential 1 M cap 🚀
Doxxed dev 🔥 | Reward Switching Everyday | ADA rewards now ⚠️ | stealth launched today 💎
SafeMoonCake is the original next-gen token that rewards you with CAKE airdrops! Only 40k mc!
🐱Cake Kitty 🍰 Fair Launched 30 Minutes Ago! Active Community with Low mcap! Earn Cake Rewards just by holding | 1000X Potential!
🐱Cake Kitty 🍰 Fair Launched Right Now! Earn Cake Rewards just by holding | 1000X Potential!
🐱Cake Kitty 🍰 Fair Launching in just 10 Minutes! Earn Cake Rewards just by holding | 1000X Potential!
🐱Cake Kitty 🍰 Fair Launching in only 30 Minutes! Earn Cake Rewards | 1000X Potential!
🐱Cake Kitty 🍰 Fair Launch in 1 Hour! Earn Cake Rewards | 1000X Potential!
🐱BabyKittyCake 🍰 just Fair Launched!! Earn Cake Rewards when you hold BabyKittyCake | 1000X Potential!
🐱 BabyKittyCake just Fair Launched! ! 🍩 Earn Cake Rewards when you hold BabyKittyCake | 1000X Potential! 🚀
🍰 CAKE LOVER | 8% Cake Rewards to Holders | Stealthed Launch | SAFU 🍰
🥞CakeLover🥞 This Big Daddy just Did a Stealthed - only at 6k Mcap!! Huge Cake rewards!! 100x from here, Join TG: CakeLoverBSC
🥞CakeLover🥞 Just stealth launch with low 5k mcap ,cake rewards! SAFU ownership renounced [ tg:Cakeloverbsc ]
🥞CakeLover🥞 Is a Heaven for all the cake lovers , join us and get cake rewards! Based dev, safu project [ tg:Cakeloverbsc ]
HoneyMoney ! Gains are sweet as Honey 🎂 Stealth Launched just now, marketing push soon
FriendOfCake - Stealth launch - Automatic $CAKE reward - LP Locked 100%
🍰 UltraCakePrint 🍰 - Stealth Launch - Nano Mcap Gem - LP Locked - Renounced - CAKE reward
Hurry up buy $50 Ecc token and earn free 20:1 eyfi token
🚀CornDog 💎Just fair launched with ONLY $500 Market Cap 🤑
🦄AstroUnicorn Token - deflationary meme token, not even one hour old, $2k market cap, locked liquidity!
🚀 ShibaMoo n 🚀 is now launching! [1 Minute Old] [8k$ market cap]
🚀 ShibaMoo n just launched! 8k market cap!
🚀 ShibaMoo n 🚀 is now launching! [1 Minute Old] [3k$ market cap]
🚀 ShibaMoon 🚀 is now launching! [1 Minute Old] [3k$ market cap]
VENUSIA - Official NFTs Model Content Platform
🐱 KITTEN Finance DeFi Platform is Skyrocketing 🚀 Get in while its still early 🔥
Founders of Tezos and ethereum join ECC
I coded a Java application to generate bitcoin addresses, sign transactions and brute force private keys. Is it worth anything?
Mentions
With Bitcoin everything is 256 bit; the encryption of the keys is ECC. With normal applications you can simply crank up the security, but with a blockchain that is difficult...
SHA256 is the hash algorithm; Bitcoin's encryption is 256-bit ECC afaik. Why are you rambling about things you don't understand?
Great — future-proofing a multisig Bitcoin wallet for quantum resistance is smart, especially as quantum computing continues to progress. Here's a clear path you can take today (and plan for tomorrow):

🛡️ How to Future-Proof Your Multisig Wallet Against Quantum Attacks

1. Minimize Public Key Exposure
Quantum attacks can only target public keys that have been exposed on-chain. So:
• ✅ Use addresses derived from hashes of public keys, like P2SH or P2WSH (not raw P2PK).
• ✅ Don't reuse addresses — this avoids unnecessary key exposure.
• ✅ Avoid leaving coins in addresses that have already been used to send — this exposes the public key.

2. Use a Multisig Setup Wisely
You already have a 3-of-4 multisig, which is strong. To improve:
• 🔐 Store each key in separate geographic and security domains.
• 🧩 Consider involving hardware wallets or air-gapped devices.
• 🛠️ Avoid exposing all 4 keys during regular transactions — only the 3 required.

3. Plan for a Post-Quantum Transition
Bitcoin does not yet support post-quantum cryptography (PQC) natively, but you can prepare:
🔄 Strategy: Dual-Key (Hybrid) Wallets (Experimental)
• Combine secp256k1 keys with quantum-safe keys like XMSS, SPHINCS+, or lattice-based signatures.
• Monitor projects exploring Taproot + quantum-safe tweaks.
This isn't supported in Bitcoin Core yet, but alternative protocols (like Bitcoin sidechains, or layer 2s like Stacks, RSK, or Ark) may adopt PQ-safe scripts sooner.

4. Watch for Protocol Upgrades
Bitcoin Core and standards like BIPs will eventually propose post-quantum-compatible address/script formats. Stay informed by:
• Watching Bitcoin developer discussions (e.g., Bitcoin dev mailing list, BIPs).
• Tracking proposals related to quantum-safe script opcodes or alternative signature schemes.

5. Have a Migration Plan
When PQ-safe wallets become viable:
• Be ready to sweep funds from ECC-based addresses to a PQ-safe wallet before public keys are exposed by spending.
• Create a recovery playbook: include clear instructions and key access protocols for future wallet migration.

📅 TL;DR Action Plan
From ChatGPT:

Cracking a Bitcoin 3-of-4 multisignature wallet with a current quantum computer is extremely unlikely at present. Let's break down why.

🔐 Understanding a 3-of-4 Multisig Wallet
• This type of wallet requires any 3 out of 4 private keys to sign a transaction.
• The keys use elliptic curve cryptography (ECC) — specifically the secp256k1 curve.

⚛️ Quantum Threat to ECC
Quantum computers could threaten ECC using Shor's algorithm, which can efficiently solve the elliptic curve discrete logarithm problem (ECDLP).
• To break one Bitcoin private key, a quantum computer needs:
  • Around 2,500 logical qubits and
  • Error correction with millions of physical qubits.
• Current quantum computers (as of 2025) have:
  • Fewer than 100 logical qubits (if any),
  • Very limited coherence times,
  • High error rates,
  • And no capacity to run Shor's algorithm at that required scale.
Conclusion: They cannot break a single ECC key yet — let alone 3 of them.

🔍 Why Multisig Is Even Harder
A 3-of-4 wallet:
• Requires breaking at least 3 different ECC keys.
• If none of the public keys have been used (i.e., not yet exposed on-chain), then quantum computers have no target to attack.

🧠 Key Points
Even then, we already have PQC (Post-Quantum Cryptography) algorithms, like lattice-based cryptography, that are computable by standard computers but that even high-qubit quantum computers struggle with. The network would have to agree to adopt it and people would have to transfer their Bitcoins from ECC wallets (current) to the new PQC wallets. Also, algorithms that can break the asymmetric encryption that Bitcoin uses (e.g. Shor's algorithm) require an amount of qubits we won't have for at least 20 years (give or take). TL;DR: You're safe for a long time, and when quantum computers start getting reliable for these tasks, we will have implemented new algorithms for this.
Cuz QCs can't do jack shit. The sole purpose of QC is to raise FUD about crypto. To make people afraid of relying on it to ensure their funds and privacy. This is why they keep reminding us that in less than 10 years all of the collected encrypted internet traffic will be somehow amazingly decrypted and you will go to jail for downloading some shit on the net. Any quantum physicist with an ounce of moral fortitude will explain how utterly infeasible QC is. It's a glorified pipe dream being hyped through every portal. They are actually claiming on many wiki pages that it already breaks RSA and ECC. This is utter and complete BS. QC has never been able to factor any number greater than 21. That is the legal drinking age, i.e. 3x7, not 21 bits or bytes. Try to understand how absolutely ludicrous and preposterous it is for them to make the claim that they can currently break RSA and ECC. Those algos use numbers so huge they are greater than all the electrons in the known universe. Your private key is more than the coordinates to a single grain of sand on a beach. It is the coordinates to a molecule in a grain of sand on a specific beach on a specific planet in a specific galaxy somewhere out there in the vast reaches of space. In other words, if you lose that key your crypto is gone, baby, gone. More importantly it means that finding that key is literally impossible. No QC will ever get even vaguely close to cracking either RSA or ECC. This will NEVER happen. However, why waste a good scam? As long as they can keep hyping this vapor tech and keep us in fear that we will get caught with our pants down and our fingers in the cookie jar, they will continue to ride this thing and make announcements about new tech with 10x more qubits that accomplish zilch, but sound threatening.
Dem qUaNtUm cOmPuDeRs. Yesiree! QC, which has never reliably factored any number greater than 21 (legal drinking age, not 21 bits or bytes), will somehow, through the power of pure super genius physicists (who really are just in it to rake in the massive grants given them by the likes of Google, MS, IBM etc.), manage to fake up some random number simulation that almost looks like it's breaking RSA or ECC, but is just smoke and mirrors. But they are hoping this will somehow give them the ability to claim every cold wallet on the chain, or at least reliably threaten to claim them, with all the interesting things that can be done with such BS propagandized on the media.
We're talking about ECDSA (vulnerable to Shor's Algorithm) for private keys, not SHA256 for mining. Fixing historical private keys is a hard fix requiring blacklisting. Either way, the whole Internet relies on ECC and ECDSA, so there will be plenty broken due to being able to decrypt stored traffic from years ago.
Current quantum computing power is ~1,200 qubits vs. 1-20 million needed to break RSA/ECC. This will collapse internet security (HTTPS, banking authentication, digital signatures) and cryptocurrency systems by breaking public-key cryptography. Old Bitcoin wallets use ECC cryptography that quantum computers will break. When quantum computers arrive, all Bitcoin using old cryptography becomes vulnerable, active, dormant, lost wallets, doesn’t matter. If Bitcoin upgrades to post-quantum cryptography, there will be a race to steal coins from wallets that haven’t migrated, especially ‘lost’ wallets where owners are dead/missing and can’t upgrade. Probably 1-5 million Bitcoin could become accessible to whoever has quantum capability first.
Shor's Algorithm on ECDSA. Early Bitcoin addresses used ECC. https://delvingbitcoin.org/t/bitcoin-and-quantum-computing/1730
Zero. Zilch. Nada. Fucking QC is a FUD psyop. Prove me wrong! Can't even factor a number greater than 21 (legal drinking age, not 21 bits or bytes). IF you believe QC is any threat to current crypto you are gullible AF. And no, embedding lies that QC already cracks ECC or even RSA into every wiki page does not make it a real threat.
I'll paste a post I did on this subject a while back to put your mind at ease (unless you're intentionally spreading negative news): Let's use Willow (Google's state of the art quantum chip) as an example. Willow was a major milestone wrt error rates. The current generation still has 0 real-world applications like breaking encryption. There is no functionality other than proof of concept in being able to do some extremely specific tasks faster than modern computers. Many in computational mathematics do not consider RCS to even count as computations. Google's previous "quantum" processor, Sycamore, had 53 qubits (2019). Willow has 105 physical qubits. But wait - there's IBM's Condor, sitting at 1,121 physical qubits, making it the most advanced. Ok. As an example, we will use Bitcoin - cracking its ECC encryption requires ~1,500 logical qubits (millions of physical ones). IBM's most optimistic goals are to achieve 100,000 physical qubits by 2033. Cracking Bitcoin's encryption would require millions of error-corrected qubits. The threat is multiple decades away, and Bitcoin can upgrade to quantum-resistant tech. The same applies to general security. Post-quantum algorithms will likely be integrated into any protocol before quantum computers pose a legitimate threat. Too long, didn't read -> Every single aspect of this "quantum threat" is a worse pile of bullshit than Y2K was. Pure sensationalism feeding on fear mongering to attract attention.
Wallets will never be vulnerable, even if quantum computing works. ECC is unhackable, or can't be reverse engineered.
You think Ethereum doesn't need to hardfork away from ECC just like everyone else?
Did you even read the article? SHA 256 isn't the nearest attack vector - it's the elliptic curve cryptography (ECC) underpinning the wallet. Grover's isn't even applicable in this regard; it's Shor's - an entirely different, and much more threatening, attack. Centralized tech like banks, companies, etc. have a much easier time rolling out post-quantum tooling and upgrades to combat against this because they are centralized. Bitcoin's greatest strength - decentralization - is its greatest weakness here.
Modern CPUs absolutely, but how a modern OS uses them is another story. There are several random number generators, mostly pseudo-random, with seeds from time, decay of isotopes, mouse, keyboards, .... If after that they continue using ECC, there might be a back door.
As long as RNG is not based on ECC, I agree with u
I think a quantum computer coming online in the wrong hands is going to have an enormous impact on bitcoin. All it takes is beating the ECC one time, and *bam* Shor’s algorithm is used and suddenly hackers have accessed millions of private keys from the public keys listed on the blockchain. Trillions of dollars of wealth are stolen or destroyed. There’s no recovering from that.
> consensus from 90% of all mining pools

Not correct. The upgrade consensus is for 90% of a specific number of consecutive blocks to signal for the upgrade, not 90% of mining pools.

> Do you guys think they wouldn't agree to do the same for post-quantum cryptographic algorithms?

Taproot didn't increase the size of transactions. In some cases, taproot txinputs are smaller. So-called quantum-proof signatures are substantially larger than Bitcoin's current signatures, reducing the number of transactions which can fit into a block. Yes, these algorithms will be controversial.

> 1. Must have a non-zero balance
> 2. Once condition 1 above is met, the wallet then becomes vulnerable to a "quantum-powered theft

Nonsense. A Bitcoin address does not have a balance. An unspent coin (UTXO) is vulnerable if its public key is exposed. An address is not a public key, it is a hash of a public key. Quantum computers are not a threat to hashing algorithms, only to public ECC keys. The public key is secret until the coin is spent. A coin is vulnerable
* if it has the same address as other coins, and
* if one of the other coins has been spent
"Experts estimate a 256-bit ECC key could be cracked with 2,000 logical qubits, potentially within a decade." Source: Project Eleven https://thequantuminsider.com/2025/04/18/quantum-contest-offers-1-bitcoin-for-cracking-encryption-with-shors-algorithm/ https://www.qdayprize.com/
Quantum computing poses a risk because bitcoin is defenseless to brute force attacks. Brute force attacks meaning you could create private keys and there is a chance those keys have already been used and have a balance in them. Nothing stops you from creating private keys. Right now it's not important because our computing power is so low; we need billions of devices running for a million years to find any wallet with a balance. But if quantum tech matures enough, our computing power will be multiplied by thousands, if not millions. Then people would create private keys more effectively, so their chances to find wallets with a balance will increase. Keys and wallets will remain untargetable because ECC still stays. But ECC will have no meaning if you could create all private keys with quantum computers.
Quantum computing is a field even experts say is very difficult and not well understood, so I will defer to them rather than make claims about its capabilities and risks to existing technologies. They write warnings such as this one by Palo Alto, a Nasdaq-listed cybersecurity company: The cybersecurity risks posed by quantum computing include: Breaking Asymmetric Encryption: Quantum computers can use algorithms like Shor's to quickly factorize large integers, rendering public-key encryption methods like RSA, ECC, and DH obsolete. [source](https://www.paloaltonetworks.com/cyberpedia/what-is-quantum-computings-threat-to-cybersecurity#:~:text=The%20cybersecurity%20risks%20posed%20by,%2C%20ECC%2C%20and%20DH%20obsolete.)
He(?) wrote "quantum key decryption" which is bullshit. I don't think they know how ECC or quantum works. ECC (bitcoin algorithm) can't be decrypted; quantum computing has nothing to do with this fact.
That's not entirely right. Bitcoin uses 256 bit ECC and upgrading it isn't too easy (didn't see a single solution yet to be precise). Your Browser and bank website can be updated easily... at least to much longer keys until you find another solution.
Elliptic-curve cryptography is how bitcoin handles encryption. It's not about computing power; it's designed so that the encryption can't be reverse-engineered, no matter how much computing power you have. What you're saying in your post is a different thing. It's brute forcing. It's nothing to do with the encryption method (ECC). Will ECC ever be broken? I have no clue, I'm not a math expert. I hope not.
Both SHA256 and ECC were widely used in cryptography before bitcoin, so Satoshi did nothing new about the particular components of how bitcoin works. He did well about blending them together to create a product. It doesn't need to have come from the future.
Quantum computing paired with AI (like for intelligent keyspace narrowing or pattern prediction) could eventually pose a serious threat to current cryptographic systems—including Bitcoin's elliptic curve cryptography (ECC).

Bitcoin Private Key Recovery
To "recover" lost Bitcoin, you'd typically need the private key associated with a known address. Bitcoin uses: Elliptic Curve Digital Signature Algorithm (ECDSA) over the secp256k1 curve. The private key is a 256-bit number. A brute force attack would mean guessing the private key, but there are 2^256 possible combinations. Insanely huge.

Quantum Threat
Quantum computers could use Shor's algorithm to break ECC: Shor's algorithm can solve discrete log problems (the core of Bitcoin's cryptography) exponentially faster than classical methods. A fully operational fault-tolerant quantum computer with ~1,500 to 2,500 qubits could potentially crack the ECC used in Bitcoin. More than likely Bitcoin's encryption will be updated before we come to this crossroads.
Because these practice keys are much shorter and many orders of magnitude easier to crack than an actual 256/384-bit ECC key.
The title is completely misleading and threw me off too. They meant whoever cracks the "longest" key of a simple version of the ECC keys, which are much, much shorter than actual 256/384-bit ECC keys.
I really don't get this design. It's easier to break shorter ECC keys. If they reduced it from 256/384 bits to 48-64 bits, then this would be an ideal contest. Why are they putting up a contest with longer keys?
This article was covered by Scott Melker. Of course, if you could crack ECC, you would be able to steal waaayyyyyy more than 1 BTC. The contest is actually to see how many bits you could break. The contest is aiming to understand how close the threat is. I find it comical because the MAJOR players who are building scalable machines using a multitude of approaches are not worried about earning 1 BTC. The contest will not tell us much, but it does raise awareness. If you watch Scott's video, he at one point realizes he has always just laughed this off, but he probably shouldn't. He fully expected to poke fun at the article and then saw this is something all systems will be dealing with. I've posted over time about the progress quantum computing is making, and how coin after coin begins to dig in on how to fork over to Post Quantum Cryptography. ETH, ADA, SOL, and even some BTC maxis are talking about what they are going to do. And the more they talk, the more of a mess they realize they have in front of them. I don't think it's doomsday... unless they keep spinning rather than start building.
tldr; Project Eleven has launched the 'Q-Day Prize,' offering 1 Bitcoin to anyone who can crack the largest Bitcoin key using a quantum computer by April 5, 2026. The competition aims to assess the threat quantum computing poses to Bitcoin and explore quantum-proof solutions. Participants must use Shor's algorithm without classical shortcuts. With over 6 million Bitcoin potentially at risk, the challenge highlights the urgency of addressing quantum computing's impact on elliptic curve cryptography (ECC). *This summary is auto generated by a bot and not meant to replace reading the original article. As always, DYOR.
I am under the impression that the rest of the world has gotten over the breakup period of losing a partner and has started strengthening and making new trade partners. Canada has signed free trade with ECC and on Jan 17th, right before the inauguration, Mexico did the same with ECC. Canada has made deals for oil exports to China, Japan and finally the ECC as well and reduced dependence on exporting to trump. China, Japan and South Korea would have never worked together if it wasn't for trump. One of those podcasts, can't remember which, stated that as trump keeps saying he was chosen by g-d to do his work on planet trump, the explanation is that, yes, he is right, he was used as one of those biblical plagues to break down humanity and to show the effects of vileness, cruelty and lack of empathy. As we see he is harming all people alike. He was bragging in the Oval Office about Charles Schwab making 2.5 Billion $ in one day and the other guy 900 million, however he didn't say that he actually made them lose 20% of their wealth to start with and gain only 8% back. BTC what a shame. I really was under the impression that all the crypto gurus have been talking about 200k by the end of the year; now it seems a distant dream.
I wouldn't rely on that guy. He got discredited by the devs of another project he "found flaws in"; their response clearly showed he was incorrect. Besides, we all know where his interest lies, so it makes sense that he finds problems in other projects. The truth is it's ignorance (not understanding). Qanplatform's XLINK is a mechanism by which a chain can continue to safely use ECC with a means to transition to PQC when needed. Because every wallet address within the XLINK layer has a PQC signature to authenticate the address, all wallets are secure from QCs before and after the transition to PQC wallets. Of course this is only true for testnet at the moment as the mainnet hasn't launched yet.
From my understanding & research that is correct. Even between quantum computing & AI technologies. Technically it would be "illegal" to hack or steal them. From my understanding even the most advanced technology won't be able to hack due to the hashing sequence. 🤔 The mathematics involved is unthinkable. The blockchain has

I'm not sure how accurate ChatGPT is but ask it yourself. There's at least low-level information available to learn about it.

Estimating when SHA-256 might be broken by AI and quantum computers depends on the progress of both fields, especially quantum computing. Here's an analysis based on current knowledge:

1. Classical Computing and AI Threats
AI, even with advanced machine learning models, cannot directly break SHA-256 because it's based on complex mathematical properties like the avalanche effect (small input changes cause large hash changes). However, AI could help:
- Identify patterns in hash generation or network vulnerabilities.
- Optimize the mining process to make it more efficient (but not to break the hashing itself).
Therefore, AI alone is unlikely to break SHA-256 anytime soon, if ever.

2. Quantum Computing Threats
Quantum computers pose a more serious threat because of their ability to solve certain mathematical problems exponentially faster than classical computers:
Shor's Algorithm: Shor's algorithm can theoretically break RSA and ECC encryption by factoring large numbers and solving discrete logarithms efficiently. However, SHA-256 is based on a one-way hashing function (not factoring or discrete logs), so Shor's algorithm cannot directly break SHA-256.
Grover's Algorithm: Grover's algorithm allows quantum computers to search an unsorted database (or invert a hash) in √N time instead of N time. For SHA-256, Grover's algorithm could reduce the effective security from 256 bits to 128 bits — which is still very strong (AES-128 is considered secure against classical attacks).

3. Timeline Estimate
Current quantum computers (like those from Google and IBM) have only reached about 1,000 qubits — far below the estimated millions of error-corrected qubits needed to threaten SHA-256 using Grover's algorithm. Estimates vary, but experts predict that:
- It could take 15 to 30 years to develop a quantum computer capable of running Grover's algorithm at a scale that could weaken SHA-256.
- It may take even longer (if ever) to reduce security to a practically exploitable level, considering the need for fault-tolerant qubits.

4. Post-Quantum Cryptography
To prepare for this, researchers are working on post-quantum cryptography (PQC), which includes hash-based cryptography that quantum computers are unlikely to break. SHA-256 itself is not currently under immediate threat, but blockchain systems could eventually upgrade to quantum-resistant hashing algorithms (like SHA-3 or lattice-based methods).

👉 Conclusion
AI is unlikely to break SHA-256 directly. Quantum computers using Grover's algorithm might weaken SHA-256 to 128-bit security, but this would require millions of qubits and may take 15–30 years (or longer) to become practical. Blockchain systems will likely adopt quantum-resistant algorithms before quantum computing reaches this level.
The bank sector does indeed use RSA and ECC for encryption and authentication. Shor's algorithm also threatens these systems, no doubt, by factoring large primes or solving discrete logarithms. However, banks often employ layered security, including symmetric encryption and centralized key management. So my money is a few orders of magnitude safer in traditional banking environments.
Alright, let's talk about Bitcoin and its potential quantum doomsday scenario—but with a bit of perspective. Right now, Bitcoin is like a medieval castle, fortified with cryptographic walls so strong that even the most advanced classical computers would need longer than the age of the universe to break in. But enter quantum computing, the rebellious new kid on the block, with a sledgehammer made of Shor's Algorithm and an attitude that says, "Rules? What rules?"

What's the Big Quantum Scare?
Bitcoin's security relies heavily on elliptic curve cryptography (ECC)—which is fantastic against traditional computers but about as useful as a wet paper bag against a large-scale quantum computer running Shor's Algorithm. This means:
1. Public Keys Become Sitting Ducks – Right now, your Bitcoin is safe because your private key is derived from your public key in a way that makes it mathematically impossible (for classical computers) to reverse-engineer. Quantum computers, however, could do this in minutes or hours—turning your public key into an open invitation for thieves.
2. The "Steal-it-if-it's-not-moved" Problem – Bitcoin transactions expose public keys during a transaction. If a quantum attacker sees an unmoved Bitcoin sitting in a wallet with a known public key, they could extract the private key and take the funds before you do. It's a classic game of "who types faster?"—except your opponent is an AI-enhanced, quantum-fueled speed demon.
3. 51% Attack on Quantum Steroids – If a sufficiently powerful quantum computer emerges, it could theoretically break Bitcoin's mining algorithm (which uses SHA-256 hashing) more efficiently than classical miners. This could lead to quantum dominance in mining, allowing one entity to outpace the network and potentially manipulate transactions or double-spend.

So, Are We All Doomed?
Not really. Here's the good news:
1. Quantum Computers Aren't There Yet – The largest functional quantum computers today have a few hundred qubits and are mostly busy simulating molecules, optimizing logistics, and confusing undergrads. To break Bitcoin, you'd need a fault-tolerant quantum computer with millions of qubits, and we're not even close. Experts estimate this could take 10-20 years at minimum—and that's assuming breakthroughs that no one has figured out yet.
2. Post-Quantum Cryptography is Already a Thing – Smart people (the kind who do math for fun) are developing quantum-resistant cryptographic algorithms. Bitcoin developers are actively researching ways to upgrade the network to use post-quantum cryptography before quantum computers pose a real threat.
3. You Can Protect Your Own Bitcoin – If you're worried, don't reuse addresses. Use wallets that generate a fresh address for every transaction so that your public key never sits exposed for long.
4. Soft Forks and Upgrades – If quantum computing gets close to being a real problem, Bitcoin can implement a network-wide soft fork to switch to post-quantum cryptographic algorithms like lattice-based cryptography. The Bitcoin network has survived major upgrades before; this would just be a big one.

The Bottom Line
Right now, Bitcoin is safe, and quantum computers are more of a James Bond villain concept than an immediate apocalypse. The real risk isn't waking up tomorrow to find Bitcoin wallets empty—it's being too slow to adapt once quantum computing actually reaches a breaking point. Fortunately, Bitcoin's decentralized development community is already preparing, so when the quantum revolution comes, it's more likely to be a tech upgrade rather than a catastrophic event. Now, if someone does manage to build a million-qubit quantum computer tomorrow, well… we'll have bigger problems than just Bitcoin.
It’s not as big of a threat to Bitcoin currently since you can take some simple steps to protect yourself from long exposure attacks by using a P2PKH or P2WPKH address type and avoiding address reuse. With these address types, an attacker would need a significantly more advanced quantum computer that’s able to crack keys within the time from when a transaction is broadcast until when it is mined. We still have the time to flesh out an ideal solution that will have minimal impact on blockchain size. In an emergency situation, say if there was a quantum breakthrough tomorrow, it would be easy enough to implement a solution that would work, but is far from ideal. ECC deprecation isn’t recommended by NIST until 2030 still, and it’s likely we could see a soft fork for BIP-360 well before that, so there’s no point rushing out a solution now. Coins like QRL just exist to enrich their devs from FUD around quantum computing; while quantum concerns are valid, there’s no reason to panic yet, especially when people are working on solutions.
They are still working on figuring out the best solution. The major issue is that current quantum resistant signatures are significantly larger than ECC based signatures, and will likely require another witness discount or block size increase. It will also require extensive testing before it’s introduced to main net.
Quantum computing is definitely a long-term concern, but crypto isn’t doomed just yet. Most modern cryptographic systems, including Bitcoin and Ethereum, rely on elliptic curve cryptography (ECC), which could be broken by a powerful enough quantum computer. However, researchers are already developing post-quantum cryptography (PQC) to counteract this, and blockchain networks will likely upgrade when the time comes. For self-custody, using a Cypherrock cold wallet or other hardware wallets that can integrate PQC-resistant cryptography in the future is a smart move. Decentralized key storage, like the Cypherrock approach, already adds an extra layer of security against traditional hacks, and future firmware updates could further enhance protection against quantum threats.
According to the following paper Shor's algorithm actually *can* be used to break ECC as well: https://eprint.iacr.org/2017/598.pdf
The consensus mechanism and chain history aren’t vulnerable to quantum computing. Only the ECC cryptography used when signing transactions is vulnerable. Shor’s algorithm could theoretically be used by a powerful enough quantum computer to derive private keys from exposed public keys, so really old P2PK addresses and P2TR addresses are immediately vulnerable, and any P2PKH or P2WPKH or the script hash version of these addresses are safe for now unless addresses have been re-used. These addresses will be vulnerable if QC becomes fast enough that they can derive a private key from the public key while transactions from these addresses are still pending after they’ve been signed. What will be a lot of work is getting everyone to move their coins to the new quantum safe addresses once they’re available and before a quantum threat materializes.
Thanks ChatGPT. However I believe this answer assumes a brute force attack. This answer, and this thread in general, is missing an important discussion on the chip’s impact on identifying methods of factoring large primes which would break ECC.
1: Correct. Never said anything against that. 2: Also correct. See 1. 3: Also correct. See 1. > Your 8-qubit processor Mine? I don't have one. I'm on your side here. I'm fully aware that quantum computing is no threat to ECC for a long, long while. I don't know why you bang on this; that was not the point I was disagreeing with you on.
Asked ChatGPT how I could crack Satoshi’s wallet with this 8 qubit processor and it gave me the following:

An 8-qubit processor is far from capable of breaking Bitcoin’s cryptography. Bitcoin’s security is based on elliptic curve cryptography (ECC) using the secp256k1 curve, which relies on the discrete logarithm problem—a problem that is currently infeasible to solve with classical or near-term quantum computers.

Why Your 8-Qubit Processor Won’t Work:
1. Quantum Volume Matters More Than Qubit Count – An 8-qubit processor has neither the coherence time nor the error correction needed for meaningful cryptographic attacks.
2. Shor’s Algorithm Requires Thousands of Logical Qubits – To break a 256-bit ECC key, you would need a fault-tolerant quantum computer with millions of physical qubits to account for noise and error correction.
3. Current Quantum Computers Are Not There Yet – The most advanced quantum processors today (as of 2025) are in the range of a few hundred physical qubits and are far from breaking ECC or SHA-256.

What Would Be Needed to Break Bitcoin?
• A large-scale, fault-tolerant quantum computer with at least 3000+ logical qubits (which translates to millions of physical qubits).
• A stable implementation of Shor’s algorithm for ECC, which is purely theoretical for now.
• Decades of advancements in quantum error correction and hardware.

Reality Check: Bitcoin remains safe from quantum attacks in the foreseeable future. If practical quantum attacks on ECC emerge, the Bitcoin network can upgrade to quantum-resistant cryptography (e.g., lattice-based cryptography) before any real threat materializes. If you’re interested in quantum computing, it’s more productive to explore fields like quantum chemistry, optimization, and cryptographic research rather than hypothetical attacks on well-secured systems.
I'm replying to you, rather than brtastic, because while he is technically correct, I feel as though you may benefit more from a more simplistic breakdown (please don't think I'm being condescending, this also helped solidify my knowledge gaps).

There are different cryptographic concepts/techniques which are easily confused because they can be used in different ways:

Public Key Cryptography: Is an asymmetric cryptographic system that uses a mathematically linked key pair (public and private keys). PKC has multiple applications beyond just securing data. It can be used for encryption, digital signatures, and key exchange. In encryption, the public key encrypts, and the private key decrypts (used in HTTPS, PGP). In digital signatures, the private key signs data, and the public key verifies authenticity (used in Bitcoin transactions and document signing).

Encryption: There are two types of encryption but essentially encryption is the process of making data unreadable/unusable (encrypted) until it can be rendered usable again with a key (unencrypted):
Symmetric Encryption: Uses the same key for encryption and decryption.
Asymmetric Encryption: Uses a Key Pair, which are essentially mathematically intertwined keys (RSA, ECC) in which the encryption key is different than the decryption key.

Hashing: Hashing is a cryptographic process that transforms input data into a fixed-length string (hash) using a mathematical algorithm. It is a one-way function, meaning the original data cannot be reversed from the hash. Even a small change in the input produces a drastically different output. Hashing is used for data integrity verification, password storage, and proof-of-work in Bitcoin mining. Common hashing algorithms include SHA-256 (used in Bitcoin), MD5, and Bcrypt. Unlike encryption, hashing does not require a key and is meant for verification, not secrecy.

Hopefully that helps clear some of the concepts up, and explains what brtastic was saying.
The threat of quantum computing to cryptocurrency security isn’t just theoretical, it’s a real challenge the industry will have to face. Most blockchains today rely on SHA-256 and elliptic curve cryptography (ECC), both of which could be broken by quantum computers running Shor’s algorithm.... Large scale quantum attacks are probably a few years away but waiting until the last minute to adapt could be a DISASTER... This is where Cellframe stands out. Unlike BTC, ETH or other major blockchains that will have to retrofit quantum resistance later (hard fork, shutting down the network for months...), where the transition will be complex and slow, Cellframe is already quantum safe. CELL uses NTRU lattice based encryption, one of the most secure cryptographic methods against Q threats. It’s a multi-chain platform designed for interoperability, scalability, and even decentralized services like VPNs. The problem is clear: once quantum computers become powerful enough, traditional blockchains will be vulnerable to key theft, double spending and identity spoofing. The solution is also clear. DYOR. NFA.
Bitcoin uses multiple cryptographic techniques for different aspects of its functionality:

# 1. Public-Key Cryptography (Elliptic Curve Cryptography - ECC)

* **Algorithm:** **Elliptic Curve Digital Signature Algorithm (ECDSA)**
* **Curve:** **secp256k1**
* **Purpose:** Used for generating Bitcoin addresses and signing transactions to prove ownership of funds.

# 2. Hash Functions

* **SHA-256 (Secure Hash Algorithm 256-bit)**
  * Used in Bitcoin mining and block hashing. Ensures integrity by linking blocks via cryptographic hashes.
* **RIPEMD-160**
  * Used in Bitcoin address generation (applied after SHA-256 to produce shorter addresses).

# 3. Proof of Work (PoW) and Mining

* **Algorithm:** **SHA-256 (double hash)**
* **Purpose:** Used in Bitcoin’s mining process for solving cryptographic puzzles to add new blocks to the blockchain.

# 4. Merkle Trees

* **Algorithm:** SHA-256
* **Purpose:** Efficiently verify transactions within a block without requiring the full blockchain.
Oh, if I didn't want to answer you, I'd just ignore you. Far in the future b/c someone has to troll the blockchain to find inactive addresses, then has to figure out how to crack their keys so they can provide credentials to move the coins at the inactive address to another place. So I figure it'll take a while, if only because of the difficulty of cracking the key. Nothing prevents someone from finding it; the hard part is cracking the key so that you can move it. If you can't move it, you can't engage in a transaction, so you can't buy anything. You'd have a lot of work to get the right key. Here's Gemini. "The Bitcoin blockchain primarily uses elliptic curve cryptography (ECC), specifically the "secp256k1" curve, to generate public and private key pairs, while relying on the SHA-256 (Secure Hash Algorithm 256-bit) hashing algorithm to encrypt data within blocks, ensuring data integrity and validating transactions on the network." A 256 bit key will take a hell of a lot of work to crack. That means there's 2^256 combinations of possible keys. Which... is a lot. So it would take a while to figure it out if you don't already have it. Yes you can theoretically just guess the key, but you have a 1/(2^256) chance of that, which is very, very small.
Oh wow, I thought BTC used prime factorization but its ECC. Thank you for the correction.
Simply put, they are wallets that are quantum-resistant. From the user's perspective, Dilithium wallets would behave functionally the same as the current ECC wallets.
How do you guys feel about that new Google quantum chip? Did some research and some people said that it would take millions of physical qubits to break ECC and SHA but others said it would only take 2500 physical / logical qubits. Currently Google's chip, Willow, only has 105 physical qubits but many think reaching 2500 can be easily achieved in 5 years. Meanwhile many think that bitcoin can shift to a quantum resistant cryptographic algorithm but others say it is inherently not possible. Thoughts?
Quantum computers can't do *everything* faster than classical computers. In fact, they're much slower than classical computers at almost everything. But, there are some specific types of problems that they're theoretically better at than classical computers. In particular, they're able to solve the math that underpins the RSA and ECC algorithms, which are what pretty much everyone currently uses for digital signatures and key exchanges. Bitcoin mining is based on hashing. Although quantum computers can theoretically have an advantage at hashing, it isn't the kind of advantage it has with RSA/ECC, and it isn't enough to really be a problem. The mining difficulty can simply adjust (which happens automatically) to compensate for whatever advantage quantum computers might have. For Bitcoin, the only serious problem an advanced quantum computer would pose is the ability to crack the private key during the vulnerable window of time between when bitcoins are sent out of an address and when that transaction is confirmed on the blockchain. Beyond that, as long as you don't reuse the address, your bitcoins should be safe.
It’s going to happen. Bitcoin uses ECC for security, which is susceptible to hacking from quantum computers. When? Nobody knows. But it will go from hero to zero one day. It’s inevitable with any crypto. I’m not saying there’s a safer way to place or invest your money. I’m just saying it will happen one day. Maybe next month. Maybe 10 years from now.
Top secret and gov data is already post-quantum and redacted when using less secure channels. The weakest data is mobile traffic. As soon as browsers start deprecating ECC, it's time for everyone to update their passwords and certificates. Traditional Internet can adopt. Blockchains can't without invalidating existing private keys.
You can’t know those coins are lost, they could just be the ultimate diamond hands hodlers. From what I understand (which is not much) it is ECC not SHA256 that is at risk of being broken by quantum computers, so as long as lost coins are not in addresses that have been reused (where their public key has been exposed), even advanced quantum computers would still require billions of years to brute force the private keys.
No, there are loads of addresses with significant amounts of BTC with known public keys. (This article says there are 1.7M BTC in P2PK addresses: https://unchained.com/blog/bitcoin-address-types-compared/) If there was a quantum computer capable of reversing ECC public key to private key I'd expect them to do something more significant. They could attack cryptography fundamental to the internet. They could attack Bitcoin transactions in flight (e.g. to send the BTC to their own addresses). They could move that 1.7M BTC. So I'd expect an attacker to steal a bunch of Bitcoin and turn it into real estate, yachts, gold etc and then sell the quantum computer to someone that wants to destroy Bitcoin and/or the internet. Then live happily ever after. This seems like someone remembering or finding an old key. Probably they just got out of prison.
That's a misconception. The issue here is with private/public key signing which is asymmetric. "Most asymmetric encryption methods (public-key crypto, such as RSA encryption or Elliptic Curve Cryptography (ECC)) are vulnerable to quantum attacks." You're thinking of symmetric encryption (such as AES) which is considered safe assuming the key size is appropriate. So blockchain history is fine, but many many wallets can be cracked. https://www.quintessencelabs.com/blog/why-we-need-post-quantum-cryptography-or-quantum-safe-algorithms
Folks like this are going to get slaughtered when it's finally leaked that ECC and SHA have been compromised. Every bitcoin wallet is based on a public/private keypair generated with ECC and SHA. The entity able to crack these ancient (in tech terms) algorithms will be able to generate your private key from your public key. All bitcoin wallets will require user intervention to 1) generate a new wallet with an updated cryptographic technology and 2) send their funds to the new address. People will just sell. It's only a matter of time. Tick tock. In the meanwhile, enjoy the party!
If they broke sha256, they can't steal anyone's coins. Your coins in your wallet are not protected by the hashing algorithm used to mine coins. The risk with it being broken, is a malicious actor takes over the block production and honest miners can't keep up, so they could pick and choose which transactions are allowed through. So you can't move your coins, but they can. If ECC is broken, everything is fucked, not just bitcoin.
Nope. I mean, you could change the block chain code to only use keypairs generated with a new and secure algorithm, but you can't automatically update all those millions of keypairs that were generated with ECC and SHA to a new tech. Each individual Bitcoin investor will have to generate a new wallet with the new tech and send his funds to it. Chaos.
The black swan that takes it to zero: You wake up to news reports that a government whistleblower has credibly leaked that some security agency has cracked ECC and SHA. This means that they're able to generate your private keys from your public keys. There is no way to update all keypairs to a new cryptographic algorithm. Each crypto holder has to create a new wallet with new keys based on a new tech. Then send their bitcoin to the new wallet. Most will just sell "to be safe". Except they won't be able to sell because everyone else will be selling. Doomsday. Until that day, the party continues! Party on, dudes! Ps. You think this will never happen? The Germans thought Enigma was uncrackable too. How'd that work out for them?
I was born in the middle 70s and have worked as a system engineer for more than a decade. I use distributed storage, linked list structures, PKI, RSA or ECC every day, but I never thought of inventing something like this. So when I first saw the Bitcoin white paper, I knew the value of this thing. It has nothing to do with age, but more to do with experience and cognitive ability
I agree, the quantum technology is growing exponentially and it won’t be long before error correction becomes more efficient. I’m pretty sure it’s 2330 logical qubits needed for Shor's algorithm to break ECC
Whilst they are not the only one taking action, it does seem that Qanplatform have an edge when it comes to their quantum resistant technology and how they are implementing it to support existing ECC wallets.
A Bitcoin private key (ECC key) is an integer between one and about 10^77. This may not seem like much of a selection, but for practical purposes it’s essentially infinite. If you could process one trillion private keys per second, it would take more than one million times the age of the universe to count them all. Even worse, just enumerating these keys would consume more than the total energy output of the sun for 32 years. This currently is far out for now but maybe with time!
There are known quantum resistant algorithms that we can adopt, but they have a higher cost in terms of compute (and possibly storage?) and have not been studied/battle hardened as well as ECC. Signal recently adopted an approach where they layer a new quantum resistant algorithm (CRYSTALS-Kyber) on top of ECC, so that if there are known flaws in CRYSTALS-Kyber, we can in a sense "fallback" to ECC. This is primarily because, if messages are being captured/stored, in 10-20 years we don't want theoretical future quantum computers to be able to as easily decrypt our present day communications en masse, so it's worth the extra overhead. With Bitcoin, space in the blockchain is somewhat precious, but we're not vulnerable until a practical quantum computer is developed, so we don't benefit as much from taking a similar approach today. We pay the price for the protection today, but we don't need it until some TBD "tomorrow". When the time comes where we can see vulnerability on the near horizon, it's very likely that we'll need to hard fork the chain and have a grace period where folks can migrate their existing ECC wallets over to a new scheme, and then at some point we'll need to consider un-migrated wallets to be frozen/burned forever. Or at least, that's my speculation. It'll be a fascinating time, since we would rather quickly find out how many current wallets are well and truly lost, as well as possibly learn whether Satoshi is still out there and wishes to retain access to their stash.
The problem comes when you look at the kind of qubit. One of the biggest problems with most hardware implementations (not photonics though) is that they couple to the environment which decoheres them. The qubits are noisy and the current batch of designs are known as NISQ, noisy intermediate scale quantum devices. In order to do accurate calculations requires either better isolation from the environment, which is next to impossible, or else multiple qubits can be combined to form a "decoherence free subspace" using various error correcting codes like Calder codes to deal with the problem (similar to how checksums and other ECC works in classical computers). This typically requires 7 - 10 physical qubits per corrected logical qubit. Your next problem is scaling and there are many other problems that are dependent on the underlying physical qubit type. It will only be disruptive over decades imo.
It's your private/public key where the weakness lies. ECC is easily broken by quantum computing, which is why major business and government are already preparing. NIST has advised all systems to start preparing now. Check out Linux post quantum computing association. Nvidia, IBM, AWS, Google are there. They get it. There's about 20 members. 2 blockchain members include QANPlatform and QRL. While it would be great if bitcoin could implement similar solutions, it really is hard if not starting with a fresh chain.
Here's how: go to the bitcoin chart. Click on "ALL" then click on "LOG". What you'll see is almost the perfect graph of y=log(x). As Elon would say, "Let that sink in". Just don't think about what happens when it finally leaks that the NSA cracked ECC and SHA. Have a great weekend!
It's not arbitrary at all. I chose 4 years for Bitcoin for obvious reasons, and for MSFT, I'm looking at the annual change over its entire history. USD has no impact on the relative growth of MSFT and BTC. I could just as easily compare MSFT to GE, but that makes no sense (much like you yourself are making). A cheap quantum attack on SHA256 makes Bitcoin worthless. If you don't understand that, you don't understand Bitcoin. Meanwhile, a quantum attack on SHA256 does not impact Microsoft at all. Not only can they change hashes whenever they want, they generally rely on more modern algorithms like ECC already. Where's your citation for Saylor's investment portfolio? How do you know (provide links) what he's invested in? Your ignorance is laughable.
Please keep in mind that bit-size is a meaningless metric without an encryption protocol. A 256-bit ECC key is equivalent in strength to a 3072-bit RSA key
Because by definition: Cryptography is the art of using various methods/patterns and algorithms for encryption and decryption, as well as others such as digital signatures, hashes etc. etc., you get the point. Cryptocurrency is simply a digital currency that uses various cryptographic primitives (such as ECDSA) to securely facilitate verifiable digital transactions in a non-interactive fashion. These are two very different concepts. While yes, cryptocurrency uses cryptography, it’s not built upon unique mathematical concepts/constructs except for a select few shit coins/privacy coins utilizing novel constructs. Developers will need to switch from ECDSA/ECC to ML-DSA-44 (Level 1 - 128-bit security), ML-DSA-65 (Level 3 - 192-bit security) and ML-DSA-87 (Level 5 - 256-bit security). These are all based on the CRYSTALS-Dilithium method for digital signatures
This is nicely done, upvote worth material. Just to nit pick on you. This does not prove you do not have the private key, it rather says that it is computationally infeasible for you to have it unless you broke ECC or got very lucky. In other words, ECDSA does have some model assumptions and those are not unbreakable in theory.
Imagine the formula (x*7)%10. By incrementing x from 1, you get: 7, 4, 1, 8... 10 would be the keyspace, your address could be anything from 0 to 9. And 7 would be your seed number. A wallet increments x to give you as many addresses as you need. The keysize for Bitcoin is obviously way more massive than 10, we use ECC instead of modular arithmetic and your seed is much bigger and harder to guess than 7. Regarding the ability to check your balance, using ECC, we can actually take the master private key derived from your seed words, get the associated public key, and from there we can generate all the addresses without being able to calculate their spending private keys. We take this public key (called an extended public key) and call it XPUB. Many wallets can import an XPUB and become a "read only" wallet. They can help you check your balance, see your historical transactions, without compromising funds.
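The comment above describes the watch-only (XPUB) property in words. The following is an added example, written for this page and not taken from any post in the thread, that shows the arithmetic behind it: a child public key computed from an extended public key alone equals the public key of the child private key that the signing wallet derives. It assumes pure-Python secp256k1 arithmetic (slow, demonstration only), a constructed seed, and the HMAC-SHA512 rule BIP32 uses for non-hardened children; `master_key`, `ckd_priv`, `ckd_pub` and `watch_only_matches_signer` are names chosen here, not a library API.

```python
# Added example: BIP32-style non-hardened derivation on secp256k1, showing why
# an xpub can produce receive public keys without holding any private key.
# Assumptions: pure-Python curve math (demo speed), a constructed seed, and the
# BIP32 non-hardened rule  I = HMAC-SHA512(chain_code, ser_P(K_par) || index).
import hashlib
import hmac

# secp256k1 domain parameters: y^2 = x^3 + 7 over F_P, generator G of order N
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def point_add(p1, p2):
    """Affine point addition; None represents the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:      # p1 == -p2
        return None
    if p1 == p2:                              # doubling (a = 0 for secp256k1)
        lam = (3 * x1 * x1) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def scalar_mult(k, point=G):
    """Double-and-add scalar multiplication k*point."""
    result, addend = None, point
    while k:
        if k & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        k >>= 1
    return result


def compress(point):
    """33-byte SEC1 compressed encoding: 0x02/0x03 prefix (parity of y) + x."""
    x, y = point
    return bytes([2 + (y & 1)]) + x.to_bytes(32, "big")


def master_key(seed):
    """BIP32 master private key and chain code from a seed."""
    i = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    k = int.from_bytes(i[:32], "big")
    assert 0 < k < N, "BIP32 requires a fresh seed if IL is 0 or >= N"
    return k, i[32:]


def _child_tweak(parent_pub, chain_code, index):
    """IL and child chain code; both sides (xprv and xpub) compute the same."""
    assert index < 0x80000000, "hardened children cannot be derived from an xpub"
    data = compress(parent_pub) + index.to_bytes(4, "big")
    i = hmac.new(chain_code, data, hashlib.sha512).digest()
    return int.from_bytes(i[:32], "big"), i[32:]


def ckd_priv(parent_priv, chain_code, index):
    """Signing wallet: k_i = (IL + k_par) mod N (IL >= N edge case ignored here)."""
    il, child_chain = _child_tweak(scalar_mult(parent_priv), chain_code, index)
    return (il + parent_priv) % N, child_chain


def ckd_pub(parent_pub, chain_code, index):
    """Watch-only wallet: K_i = IL*G + K_par, using only public material."""
    il, child_chain = _child_tweak(parent_pub, chain_code, index)
    return point_add(scalar_mult(il), parent_pub), child_chain


def watch_only_matches_signer(seed, indices):
    """True iff every xpub-derived child pubkey equals k_i*G from the xprv side."""
    m, c = master_key(seed)
    big_m = scalar_mult(m)
    for idx in indices:
        k_child, _ = ckd_priv(m, c, idx)
        big_k_child, _ = ckd_pub(big_m, c, idx)
        if scalar_mult(k_child) != big_k_child:
            return False
    return True


# Constructed demo seed; never derive real funds from a published seed.
SEED = hashlib.sha256(b"constructed demo seed, not for real funds").digest()

if __name__ == "__main__":
    m, c = master_key(SEED)
    big_m = scalar_mult(m)
    for idx in range(3):
        big_k, _ = ckd_pub(big_m, c, idx)       # no private key needed here
        print(f"m/{idx} pubkey: {compress(big_k).hex()}")
    print("watch-only keys match signer:", watch_only_matches_signer(SEED, range(3)))
```

The point the derivation makes explicit: because IL*G + K_par = (IL + k_par)*G, anyone holding the xpub and chain code can enumerate every non-hardened child public key (and so every address and balance), but recovering k_par from K_par is the discrete logarithm problem the rest of this thread is about. That is also why leaking an xpub costs privacy, not funds, and why hardened derivation is used for the account level.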
It may not be a hack but a response to the fact that quantum computing is advancing faster than expected. Quantinuum just achieved a mind-blowing ratio of 12 logical qubits on only 56 physical, and is expecting to be at hundreds of logical qubits by 2029. Shor's breaks ECC at around 1500. And the core devs don't seem to think it's an issue worth worrying about now. The wallets may simply be getting out before fear starts setting in.
Without a trustworthy trapdoor function, none of this would work. SHA-2 was the foundational innovation that unlocked Hashcash/BTC. I would also argue that hashing algorithms are inherently more secure against QC than any kind of public-private key cryptography, since there isn't a fixed 1-to-1 pairing (infinite inputs resulting in finite outputs). ECC or any other discrete log encryption scheme is going to need replacement before SHA. Which is good, because SHA is the algo currently burned onto all of the ASICs.
Quantum computing breaking ECC256 & the ability to derive private key from public key.
It's open source, and surprisingly simple under the hood. Not much to attack. The security is derived from SHA-256. Hashing algos are what fundamentally made BTC possible. It is just a novel use of partial hash collisions; the real innovations have been piling up for years behind the scenes (ECC/proof-of-work). It really is as strong as everyone says it is. And far more secure than any other financial network on Earth.
Both ECC and RSA are vulnerable. There is a reason NIST released new standards
The year that people were commonly predicting for 256 bit ECC being at risk was 2030-2031, with increasing risk per year. The estimates among experts familiar with the papers described here are now estimating 2026-2027, with a slim possibility of 2025. More: https://quantumevm.com/article/quantum-algorithm-litinski
This stems from the fact that unused addresses are protected by SHA-256 and RIPEMD-160, while a used private key that is exposed to the blockchain is vulnerable to Shor's algorithm due to using elliptic curve cryptography. However, even SHA-256 and RIPEMD-160 are not immune to quantum attacks and they are also vulnerable to Grover's algorithm (which is less dramatically impactful than Shor's, but still an issue to consider), and while they may be MORE resistant to CERTAIN quantum attacks than ECC, no cryptographic algorithm is truly "quantum-resistant" at this time, including Bitcoin addresses with private keys that have never been used and exposed to the blockchain. For these reasons, the community is actively researching REAL quantum-resistant alternatives. It is definitely safer to use a new address every time, but it is a mistake to assume that an unused address with SHA-256 or RIPEMD-160 cannot be breached by a sufficiently powerful quantum computer. That is not the case and is a common misconception. BUT it is currently our best practice option until a real solution is presented...but the fact is that we will eventually need some kind of change to protect against quantum computing. We cannot keep things exactly as they are now without high risk in the long term. I hope that helps to clarify.
Yes, there is a real risk that the elliptic curve cryptography (ECC) of the bitcoin protocol will be broken by quantum computing in the next 5 to 10 years. Read this to learn more about the issue: [https://arxiv.org/pdf/1710.10377v1](https://arxiv.org/pdf/1710.10377v1) The bitcoin ECC-algorithm is less quantum resistant than the classic RSA-algorithm, which is used in the HTTPS protocol for example.
> **Diversifying your 2018 investment portfolio with high risk and low risk coins** > Put $10k into high risk high return coins XSPEC, SUMO, ECC, ODN, BNTY, SNOV > Put $15k into medium risk medium return (10x) coins, COSS, POE, PRL, DBC, ENJ > Put $5K into low risk, low return (3x-10x) coins Bitcoin, Ether, Nano, VEN, IOTA, BNB https://np.reddit.com/r/CryptoCurrency/comments/880ixl/diversifying_your_2018_investment_portfolio_with/ I remember so many of this kind of posts from 2018 to 2020.
Our current cryptography (RSA, ECC) is vulnerable to quantum attacks. I guess adopting post-quantum cryptography is essential to secure our digital communications and transactions, no?
Very interesting history. Thanks for pointing out ECC along with RSA.
You act very confidently and aggressively, dare I say. Yet all this posturing rests on that tiny "if" the current paradigm is broken. Small thing. Reversing the hash, as you put it, is the real problem. QC cannot do that, it "only" breaks ECC. But IF that paradigm is broken, your pads are useless because I'm going to drain your bank account directly through online banking. And then some more, since the SHA that wraps a Bitcoin public key is the same used all over. So IF the current paradigm is broken, unless you have gold only and bullets aplenty, you're just as much of a bag holder. Also, Bitcoin's public keys are hashed twice, just in case. And for the love of everything cryptographic, stop throwing vaguely related issues like P and NP out there. Won't even impress armchair cryptographers.
There are a few quantum resistant encryption schemes on the way:

# 1. Lattice-Based Cryptography

* **How it works**: Lattice-based cryptography uses the hardness of certain mathematical problems related to lattices (geometric structures in multi-dimensional spaces). The security of lattice-based schemes relies on finding short vectors in high-dimensional lattices, which is believed to be difficult for both classical and quantum computers.
* **Quantum resistance**: Quantum computers are not expected to have a significant advantage in solving lattice problems due to their design. They would need exponentially more qubits (quantum bits) and operations to break lattice-based cryptography compared to classical computers. This makes lattice-based schemes a strong candidate for post-quantum security.

# 2. Code-Based Cryptography

* **How it works**: Code-based cryptography uses error-correcting codes where encoding and decoding messages involve solving specific mathematical problems, such as the syndrome decoding problem. These problems are computationally hard and believed to resist attacks from quantum computers.
* **Quantum resistance**: Quantum computers are not known to efficiently solve problems related to error-correcting codes used in code-based cryptography. The algorithms used in this approach are designed to be resistant to quantum attacks by leveraging the complexity of decoding techniques.

# 3. Hash-Based Cryptography

* **How it works**: Hash-based cryptography relies on hash functions, which are mathematical algorithms that convert input data into a fixed-size string of bits (the hash value). It uses properties such as collision resistance, where it's hard to find two different inputs that produce the same hash value.
* **Quantum resistance**: Quantum computers can theoretically perform faster searches for collisions or pre-images (finding an input that matches a given hash value). However, cryptographic hash functions like SHA-256 are designed with sufficiently large output sizes and complex structures that make finding collisions infeasible, even for quantum computers.

# 4. Multivariate Cryptography

* **How it works**: Multivariate cryptography uses systems of multivariate polynomial equations for encryption. Solving these equations to break the encryption requires finding solutions in a large space of possible inputs, which is computationally intensive.
* **Quantum resistance**: Quantum computers face challenges in efficiently solving systems of multivariate polynomial equations due to the complexity of operations involved. The security of multivariate schemes relies on the difficulty of solving these equations, which current quantum algorithms are not expected to significantly expedite.

# Summary

* **Common theme**: All these quantum-resistant cryptographic approaches rely on leveraging mathematical problems that are believed to be hard for quantum computers to solve efficiently.
* **Quantum advantage**: Quantum computers do not provide a substantial advantage in breaking these types of encryption compared to classical computers, ensuring robust security even in the future quantum computing era.
* **Development**: Ongoing research and standardization efforts aim to further develop and refine these cryptographic techniques to enhance their efficiency and applicability in securing digital communications and data against potential quantum threats.

The real threat from quantum computing is to RSA encryption and ECC. AES-256 will still be fine so long as the password has enough entropy, such as above 100.
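The hash-based scheme in section 3 is the one that can be shown end to end in a few lines, so here is a Lamport one-time signature over SHA-256 as an added example (my own code, not from the comment above or from any standard library of post-quantum signatures). Its security rests only on the preimage resistance of the hash, which is exactly the property the comment says survives a quantum adversary with at most a quadratic (Grover) speedup. The message text and key sizes are constructed for the demo.

```python
import hashlib
import secrets

HASH = hashlib.sha256
N_BITS = 256   # one secret pair per bit of the SHA-256 message digest
CHUNK = 32     # bytes of entropy per secret value

def keygen():
    """Lamport one-time key pair.

    Private key: 256 pairs of random 32-byte values.
    Public key:  the SHA-256 hash of each of those values.
    Nothing here uses number theory, so Shor's algorithm does not apply;
    a quantum attacker is left with Grover search against 256-bit preimages
    (about 2^128 work), which is why hash-based schemes count as post-quantum.
    """
    sk = [(secrets.token_bytes(CHUNK), secrets.token_bytes(CHUNK))
          for _ in range(N_BITS)]
    pk = [(HASH(a).digest(), HASH(b).digest()) for a, b in sk]
    return sk, pk

def _digest_bits(message: bytes):
    """Yield the 256 bits of SHA-256(message), most significant bit first."""
    for byte in HASH(message).digest():
        for shift in range(7, -1, -1):
            yield (byte >> shift) & 1

def sign(sk, message: bytes):
    """Reveal sk[i][0] for every 0 bit and sk[i][1] for every 1 bit of the digest.

    This is a ONE-time key: signing a second message with the same key reveals
    more of the private values, so each key pair must be used exactly once.
    """
    return [sk[i][bit] for i, bit in enumerate(_digest_bits(message))]

def verify(pk, message: bytes, signature) -> bool:
    """Re-hash each revealed secret and compare it with the committed public value."""
    if len(signature) != N_BITS:
        return False
    ok = True
    for i, (secret, bit) in enumerate(zip(signature, _digest_bits(message))):
        # Accumulate instead of returning early; all inputs are public anyway.
        ok &= HASH(secret).digest() == pk[i][bit]
    return ok

def signature_size(signature) -> int:
    """Total bytes in a signature (256 * 32 = 8192), the price of hash-only security."""
    return sum(len(s) for s in signature)

if __name__ == "__main__":
    sk, pk = keygen()
    msg = b"constructed demo message"            # constructed sample input
    sig = sign(sk, msg)
    print("valid:", verify(pk, msg, sig))        # True
    print("tampered:", verify(pk, msg + b"!", sig))  # False
    print("signature bytes:", signature_size(sig))   # 8192
```

The 8 KB signature and the one-use restriction are the reasons real hash-based standards layer Merkle trees (stateful) or few-time signatures (stateless) on top of this primitive; the security argument, however, is the same one the comment gives for SHA-256.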
No it can't, not simply. This is a massive undertaking that will be a minimum of 5 years, assuming the core devs can even come to consensus on which algorithm to use. There's a real chance we have a sufficiently capable quantum computer by then (IBM says they should have one by the early 2030s) running Shor's algorithm, which can crack ECC - what BTC, ETH, and all other cryptos are using for their signature scheme. The only projects that have even mentioned it are ETH and ALGO, but they are still using ECC. Vitalik even said in his blog post that ETH will wait for a quantum attack to occur, then perform a rollback, which will damage the immutability of the chain. https://ethresear.ch/t/how-to-hard-fork-to-save-most-users-funds-in-a-quantum-emergency/18901 QRL is leading the small subset of coins actively addressing this problem of being quantum secure from genesis. Bitcoin cannot simply fork to solve the problem.
Sure. I suppose that would break all encryption, including blockchain security. I consider quantum computing breaking ECC (using supercomputers) to be a gray swan event that could occur in 100 years, but solving the Riemann Hypothesis seems near-impossible.
No bud. Just no. Below are the Network & Hardware reqs for an RPC node. Source: https://docs.solanalabs.com/de/operations/requirements

Networking: Internet service should be at least 1GBit/s symmetric, commercial. 10GBit/s preferred.

**Hardware Recommendations**

The hardware recommendations below are provided as a guide. Operators are encouraged to do their own performance testing.

* CPU
    * 12 cores / 24 threads, or more
    * 2.8GHz base clock speed, or faster
    * SHA extensions instruction support: AMD Gen 3 or newer, Intel Ice Lake or newer
    * AVX2 instruction support (to use official release binaries, self-compile otherwise)
    * Support for AVX512f is helpful
* RAM
    * 256GB or more
    * Error Correction Code (ECC) memory is suggested
    * Motherboard with 512GB capacity suggested
* Disk
    * PCIe Gen3 x4 NVME SSD, or better
    * Accounts: 500GB, or larger. High TBW (Total Bytes Written)
    * Ledger: 1TB or larger. High TBW suggested
    * OS: (Optional) 500GB, or larger. SATA OK
    * The OS may be installed on the ledger disk, though testing has shown better performance with the ledger on its own disk
    * Accounts and ledger can be stored on the same disk, however due to high IOPS, this is not recommended
    * The Samsung 970 and 980 Pro series SSDs are popular with the validator community
* GPUs
    * Not necessary at this time
    * Operators in the validator community do not use GPUs currently

**RPC Node Recommendations**

The hardware recommendations above should be considered bare minimums if the validator is intended to be employed as an RPC node. To provide full functionality and improved reliability, the following adjustments should be made.

* CPU: 16 cores / 32 threads, or more
* RAM: 512 GB or more if account-index is used
* Disk: Consider a larger ledger disk if longer transaction history is required. Accounts and ledger should not be stored on the same disk
> RAM
> 256GB or more
> Error Correction Code (ECC) memory is suggested
> Motherboard with 512GB capacity suggested

Okay Solana :D
Well, it's not only FUD, it's also false. First, we do not know if QCs of that power are even viable. That is still an open question. Then, let's assume that this question is resolved positively, that is, that someone at some point finds a way to create such a powerful QC that it could produce the signature without having the private key. Advancements like this do not happen overnight. Computers of all kinds are incrementally improved, and since we are talking about many orders of magnitude, we would first hear about QCs being able to break weaker forms of cryptography long before there would be one strong enough to break the ECC used in Bitcoin. What that means is that we would have enough time to apply a softfork to introduce quantum-resistant schemes to protect the coins. And while there is a separate problem with coins that would not upgrade (e.g. lost coins), there have already been discussed schemes based on zero-knowledge proofs of having the correct seed that would protect even those coins with a softfork. It's not 100%, but it's close enough. So for all active users, QC will be a non-issue, i.e. Bitcoin is safe. For some unupgraded/lost coins, the attacker could possibly spend them and create a temporary disruption of the market, not unlike we've seen with MtGox, FTX and others. And yet, Bitcoin has always recovered from this in a somewhat short time. Arguably, Bitcoin is safer than physical gold, as it is very hard to move gold, so you are often stuck to a location or have a great risk of losing it. And since nation states are arbitrary about changes in their laws, this property makes gold quite insecure for the future in many places in the world, including the US and EU.
Most of them post data like this: * L1 or DA Layer: Gets only the hashes of the transactions. * DA Committee: Gets transaction data and hashes. Keep in mind that Validiums are not all the same. I'm not sure why you mentioned all of that mumbo jumbo about elliptic curve cryptography since it seems irrelevant to understanding Validiums. Rollups don't have to use ECC.
This is not strictly true. The upgrade from RSA to ECC on the card networks took years. The NSA monitors the resilience to attack of encryption methods. I would imagine that there are few quantum computing sites with the facilities, let alone the know-how, to mount a credible attack. Those will be monitored by the NSA; if not, they should be.
While you got some things right, you forgot one key thing for the attack to succeed. First, you need a quantum computer with 6x the key length in qubits for ECC, which means for Bitcoin, which uses 256-bit keys, you'll need 1536 qubits. That's not a small feat, and I won't get into the details, but it's not coming in 5 years, that's for sure. Second and most importantly, you'll need a public key to try this attack, and this information is not disclosed until you send bitcoin from an address. The address is a hash derived from the public key, and cannot be reversed of course. Basically, if you just use an address to accumulate bitcoin, it's not vulnerable to quantum computers until you send bitcoins from it. That's why it's a recommendation to not reuse addresses and always generate new ones.
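The point about addresses being hashes of public keys, and the key only becoming visible once you spend, can be checked against your own transaction history rather than taken on faith. The following is an added example (my own code, not the commenter's and not a wallet's API) that derives an address-style commitment from a public key and then audits a constructed ledger to list which funded addresses have already revealed their key on-chain, i.e. the ones the comment says should be swept to a fresh address. Assumptions: the public keys are arbitrary placeholder bytes rather than real secp256k1 points, the ledger is constructed, and `address_for` uses a truncated double SHA-256 as a stand-in for Bitcoin's HASH160 (RIPEMD-160 over SHA-256), because hashlib does not expose RIPEMD-160 on every build.

```python
import hashlib
from collections import defaultdict

def address_for(pubkey: bytes) -> str:
    """Commitment to a public key, playing the role of a Bitcoin address.

    Stand-in for HASH160 = RIPEMD160(SHA256(pubkey)); this example uses
    SHA256(SHA256(pubkey)) truncated to 20 bytes instead (assumption for
    portability). The property demonstrated is the same: an observer who sees
    only the address learns nothing about the key, so Shor-style key recovery
    has nothing to work on until the key appears in a spending transaction.
    """
    inner = hashlib.sha256(pubkey).digest()
    return hashlib.sha256(inner).digest()[:20].hex()

# Constructed placeholder "public keys": 33 arbitrary bytes, NOT real curve points.
PK_A = b"\x02" + b"\x11" * 32
PK_B = b"\x03" + b"\x22" * 32
PK_C = b"\x02" + b"\x33" * 32
ADDR_A, ADDR_B, ADDR_C = (address_for(pk) for pk in (PK_A, PK_B, PK_C))

# Constructed ledger (not real chain data). Inputs are (address, pubkey, amount):
# spending publishes the key. Outputs are (address, amount). Whole coins for readability.
LEDGER = [
    # Funding transaction: A and B receive coins, keys still hidden.
    {"inputs": [], "outputs": [(ADDR_A, 5), (ADDR_B, 3)]},
    # A spends, revealing PK_A, and sends its change back to the SAME address.
    {"inputs": [(ADDR_A, PK_A, 5)], "outputs": [(ADDR_C, 4), (ADDR_A, 1)]},
]

def audit(ledger):
    """Per-address balance plus whether the public key has been revealed on-chain."""
    balance = defaultdict(int)
    exposed = set()
    for tx in ledger:
        for addr, pubkey, amount in tx["inputs"]:
            # A valid spend proves knowledge of the key that hashes to the address.
            if address_for(pubkey) != addr:
                raise ValueError(f"public key does not hash to {addr}")
            exposed.add(addr)            # once public, always public
            balance[addr] -= amount
        for addr, amount in tx["outputs"]:
            balance[addr] += amount
    return {addr: {"balance": bal, "pubkey_exposed": addr in exposed}
            for addr, bal in balance.items()}

def needs_sweep(report):
    """Funded addresses whose key is already visible: exactly the reuse case the comment warns about."""
    return sorted(addr for addr, state in report.items()
                  if state["balance"] > 0 and state["pubkey_exposed"])

if __name__ == "__main__":
    report = audit(LEDGER)
    for addr, state in report.items():
        print(addr, state)
    print("sweep to fresh addresses:", needs_sweep(report))   # only ADDR_A
```

Run against the constructed ledger, only `ADDR_A` is flagged: it still holds 1 coin of change but its key was published when it spent. `ADDR_B` and `ADDR_C` are funded and unexposed, which is the "accumulate only" state the comment describes as not attackable by key recovery.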
20 funds selected for monthly dividend distribution:

| Fund Ticker | Annual Yield |
|---|---|
| ECC | 18.73% |
| ACP | 17.7% |
| CRF | 17.67% |
| SVOL | 16.27% |
| IGR | 13.64% |
| RYLD | 11.9% |
| RIV | 12.77% |
| RYLD | 11.51% |
| THW | 11.13% |
| MORT | 10.71% |
| XYLD | 9.47% |
| SPE | 8.5% |
| ETJ | 8.3% |
| EXG | 8.16% |
| LGI | 7.88% |
| JEPI | 7.24% |
| AMZA | 7.17% |
| EINC | 3.49% |

Almost pure ETFs. Some closed-ended funds. The main theory behind it was to promote DCA. All the dividends get reinvested to rebalance the portfolio to an even 5% split across 20 funds. I'll prune out the closed-ended funds this year and rebalance for a pure ETF portfolio. But again, this is about 50% of my brokerage account. When these funds exceed the allocation for it, the dividends buy BTC ETFs and other growth-focused ETFs that may have quarterly, annual, or no dividend at all.
Supercomputers cannot break 128-bit cryptography, that is like guessing the one correct atom in the visible universe, and guessing has a cost of energy and computation. However, quantum computers could break ECC cryptography, although all indications point to that being far away or perhaps not possible given the current rate of errors. Bitcoin may need to eventually adopt quantum-secure digital signature schemes, but all lost or unmoved coins could be stolen.