Reddit Posts
Are P2WSH addresses the most quantum-secure addresses?
Let's have one last discussion about quantum computers.
Brave brings privacy to Web3 with ECC and Filecoin partnership
Hacker Steals 24M from rETH Whale [NEW INFORMATION]
Should I share possible "new " math methods regarding online cryptography?
Can quantum computing trivialize cryptocurrency?
Zcash, the popular privacy-focused Blockchain, released a new version of its full node software on Thursday, according to a post by its creator Electronic Coin Company (ECC). The software version 5.5.0 introduces several bug fixes, a proportional fee mechanism, and lays the groundwork for ...
Maximalism in the computer era versus bitcoin maximalism. Any parallel possible?
Zcash to Proof of Stake? Approach, focus, and next steps - Electric Coin Company [ECC]
$4M Size ECC Launching Real-World Crypto Round-up app in the Next Few Months
Fox Inu / Stealth Launched 1h ago — The next 1000X Altcoin — Real Project with solid fundamentals and experienced team - Community Growing so fast!
Fox Inu $FInu Just Launched 30min ago!!! Airdrop: 50$ worth of token when we reach 50 members in our official telegram group !
Fox Inu $FInu Just Stealth Launched!!! | MemeUtility Token on the BSC Network! LP Locked, New opportunity for a Fox Parabolic Moon shot !
Saint Valentine | Stealth Launched!!|Locked Link Provided!|Simply hold Saint Valentine and get paid 10%!|Enter telegram and get in early! | | Auto staking rewards | Voice chat before launch | Amazing Team| Don't Miss This Gem!!|
Understanding ECC, the technology behind Litecoin's new privacy update: Minblewimble
Taking a look at Elliptic Curve Cryptography (ECC), the encryption process behind Litecoin's newfound privacy fortune
♑️Paragon Capital💎Micro MC 💎 Your Next Moonshot♑️
Empire Capital Token (ECC) – Defi 3.0 Layer of Yield Generating Protocols | True 1% Burn on Every Transaction | Incorporated Investment Firm | Hold ECC and Gain Exposure to Yield on All Chains
$ECC - Empire Capital Token - This is where my money is going! #1 on CMC today!
EmpireCapital (ECC) Fair Launched Yesterday - Low Market Cap - Strong Utility - Based Dev Team - Earn Yield By Holding
Confusion on Public Key Cryptography and digital signatures
100 Crypto Quotes - The Good, the Bold and the Ugly
Reward Switching Everyday $RSE 🔥| Doxxed dev Video and VC ✅ | 1 Day old Gem 💎 | ADA rewards for Today | Low Cap < 50 K Potential 1 M cap 🚀
Doxxed dev 🔥 | Reward Switching Everyday | ADA rewards now ⚠️ | stealth launched today 💎
SafeMoonCake is the original next-gen token that rewards you with CAKE airdrops! Only 40k mc!
🐱Cake Kitty 🍰 Fair Launched 30 Minutes Ago! Active Community with Low mcap! Earn Cake Rewards just by holding | 1000X Potential!
🐱Cake Kitty 🍰 Fair Launched Right Now! Earn Cake Rewards just by holding | 1000X Potential!
🐱Cake Kitty 🍰 Fair Launching in just 10 Minutes! Earn Cake Rewards just by holding | 1000X Potential!
🐱Cake Kitty 🍰 Fair Launching in only 30 Minutes! Earn Cake Rewards | 1000X Potential!
🐱Cake Kitty 🍰 Fair Launch in 1 Hour! Earn Cake Rewards | 1000X Potential!
🐱BabyKittyCake 🍰 just Fair Launched!! Earn Cake Rewards when you hold BabyKittyCake | 1000X Potential!
🐱 BabyKittyCake just Fair Launched! ! 🍩 Earn Cake Rewards when you hold BabyKittyCake | 1000X Potential! 🚀
🍰 CAKE LOVER | 8% Cake Rewards to Holders | Stealthed Launch | SAFU 🍰
🥞CakeLover🥞 This Big Daddy just Did a Stealthed - only at 6k Mcap!! Huge Cake rewards!! 100x from here, Join TG: CakeLoverBSC
🥞CakeLover🥞 Just stealth launch with low 5k mcap ,cake rewards! SAFU ownership renounced [ tg:Cakeloverbsc ]
🥞CakeLover🥞 Is a Heaven for all the cake lovers , join us and get cake rewards! Based dev, safu project [ tg:Cakeloverbsc ]
HoneyMoney ! Gains are sweet as Honey 🎂 Stealth Launched just now, marketing push soon
FriendOfCake - Stealth launch - Automatic $CAKE reward - LP Locked 100%
🍰 UltraCakePrint 🍰 - Stealth Launch - Nano Mcap Gem - LP Locked - Renouced - CAKE reward
Hurry up buy $50 Ecc token and earn free 20:1 eyfi token
🚀CornDog 💎Just fair launched with ONLY $500 Market Cap 🤑
🦄AstroUnicorn Token - deflationary meme token, not even one hour old, $2k market cap, locked liquidity!
🚀 ShibaMoo n 🚀 is now launching! [1 Minute Old] [8k$ market cap]
🚀 ShibaMoo n just launched! 8k market cap!
🚀 ShibaMoo n 🚀 is now launching! [1 Minute Old] [3k$ market cap]
🚀 ShibaMoon 🚀 is now launching! [1 Minute Old] [3k$ market cap]
VENUSIA - Official NFTs Model Content Platform
🐱 KITTEN Finance DeFi Platform is Skyrocketing 🚀 Get in while its still early 🔥
Founders of Tezos and ethereum join ECC
I coded a Java application to generate bitcoin addresses, sign transactions and brute force private keys. Is it worth anything?
Mentions
Elliptic-curve cryptography is how bitcoin handles encryption. It's not about computing power; it's designed that way so that encryption can't be reverse-engineered, no matter how much computing power you have. What you're saying in your post is a different thing. It's brute forcing. It's nothing to do with the encryption method (ECC). Will ECC ever be broken? I have no clue, I'm not a math expert. I hope not.
Both SHA-256 and ECC were widely used in cryptography before bitcoin, so Satoshi did nothing new about the particular components of how bitcoin works. He did well in blending them together to create a product. It doesn't need to have come from the future.
Quantum computing paired with AI (like for intelligent keyspace narrowing or pattern prediction) could eventually pose a serious threat to current cryptographic systems—including Bitcoin’s elliptic curve cryptography (ECC).

Bitcoin Private Key Recovery

To "recover" lost Bitcoin, you'd typically need the private key associated with a known address. Bitcoin uses: Elliptic Curve Digital Signature Algorithm (ECDSA) over the secp256k1 curve. The private key is a 256-bit number. A brute force attack would mean guessing the private key, but there are 2^256 possible combinations. Insanely huge.

Quantum Threat

Quantum computers could use Shor’s algorithm to break ECC: Shor’s algorithm can solve discrete log problems (the core of Bitcoin’s cryptography) exponentially faster than classical methods. A fully operational fault-tolerant quantum computer with ~1,500 to 2,500 qubits could potentially crack the ECC used in Bitcoin. More than likely Bitcoin's encryption will be updated before we come to this crossroads.
Because these practice keys are much shorter and many orders of magnitude easier to crack than an actual 256/384-bit ECC key.
The title is completely misleading and threw me off too. They meant whoever cracks the "longest" key of a simple version of the ECC keys, which are much, much shorter than actual 256/384-bit ECC keys.
I really don't get this design. It's easier to break shorter ECC keys. If they reduced it from 256/384 bits to 48-64 bits, then this would be an ideal contest. Why are they putting up a contest with longer keys?
This article was covered by Scott Melker. Of course, if you could crack ECC, you would be able to steal waaayyyyyy more than 1 BTC. The contest is actually to see how many bits you could break. The contest is aiming to understand how close the threat is. I find it comical because the MAJOR players who are building scalable machines using a multitude of approaches are not worried about earning 1 BTC. The contest will not tell us much, but it does raise awareness. If you watch Scott's video, he at one point realizes he has always just laughed this off, but he probably shouldn't. He fully expected to poke fun at the article and then saw this is something all systems will be dealing with. I've posted over time about the progress quantum computing is making, and how coin after coin begins to dig in on how to fork over to Post Quantum Cryptography. ETH, ADA, SOL, and even some BTC maxis are talking about what they are going to do. And the more they talk, the more of a mess they realize they have in front of them. I don't think it's doomsday... unless they keep spinning rather than start building.
tldr; Project Eleven has launched the 'Q-Day Prize,' offering 1 Bitcoin to anyone who can crack the largest Bitcoin key using a quantum computer by April 5, 2026. The competition aims to assess the threat quantum computing poses to Bitcoin and explore quantum-proof solutions. Participants must use Shor's algorithm without classical shortcuts. With over 6 million Bitcoin potentially at risk, the challenge highlights the urgency of addressing quantum computing's impact on elliptic curve cryptography (ECC). *This summary is auto generated by a bot and not meant to replace reading the original article. As always, DYOR.
I am under the impression that the rest of the world has gotten over the breakup period of losing a partner and has started strengthening and making new trade partners. Canada has signed free trade with the ECC, and on Jan 17th, right before the inauguration, Mexico did the same with the ECC. Canada has made deals for oil exports to China, Japan and finally the ECC as well, and reduced dependence on exporting to trump. China, Japan and South Korea would have never worked together if it wasn’t for trump. One of those podcasts, can’t remember which, stated that as trump keeps saying he was chosen by g-d to do his work on planet trump, the explanation is that, yes, he is right, he was used as one of those biblical plagues to break down humanity and to show the effects of vileness, cruelty and lack of empathy. As we see he is harming all people alike. He was bragging in the Oval Office about Charles Schwab making 2.5 Billion $ in one day and the other guy 900 million, however he didn’t say that he actually made them lose 20% of their wealth to start with and gain only 8% back. BTC what a shame. I really was under the impression that all the crypto gurus have been talking about 200k by the end of the year, now it seems like a distant dream.
I wouldn’t rely on that guy. He got discredited by the devs of another project he “found flaws in”. Their response clearly showed he was incorrect. Besides, we all know where his interest lies, so it makes sense that he finds problems in other projects. The truth is it’s ignorance (not understanding). Qanplatform's XLINK is a mechanism by which a chain can continue to safely use ECC with a means to transition to PQC when needed. Because every wallet address within the XLINK layer has a PQC signature to authenticate the address, all wallets are secure from QCs before and after the transition to PQC wallets. Of course this is only true for testnet at the moment, as the mainnet hasn’t launched yet.
From my understanding & research that is correct. Even between quantum computing & AI technologies. Technically it would be "illegal" to hack or steal them. From my understanding even the most advanced technology won't be able to hack due to the hashing sequence. 🤔 The mathematics involved is unthinkable. The blockchain has I'm not sure how accurate Chat GPT is but ask it yourself. There's at least low-level information available to learn about it.

Estimating when SHA-256 might be broken by AI and quantum computers depends on the progress of both fields, especially quantum computing. Here’s an analysis based on current knowledge:

1. Classical Computing and AI Threats

AI, even with advanced machine learning models, cannot directly break SHA-256 because it’s based on complex mathematical properties like the avalanche effect (small input changes cause large hash changes). However, AI could help:
- Identify patterns in hash generation or network vulnerabilities.
- Optimize the mining process to make it more efficient (but not to break the hashing itself).
Therefore, AI alone is unlikely to break SHA-256 anytime soon, if ever.

2. Quantum Computing Threats

Quantum computers pose a more serious threat because of their ability to solve certain mathematical problems exponentially faster than classical computers:

Shor’s Algorithm: Shor’s algorithm can theoretically break RSA and ECC encryption by factoring large numbers and solving discrete logarithms efficiently. However, SHA-256 is based on a one-way hashing function (not factoring or discrete logs), so Shor's algorithm cannot directly break SHA-256.

Grover’s Algorithm: Grover’s algorithm allows quantum computers to search an unsorted database (or invert a hash) in √N time instead of N time. For SHA-256, Grover’s algorithm could reduce the effective security from 256 bits to 128 bits — which is still very strong (AES-128 is considered secure against classical attacks).

3. Timeline Estimate

Current quantum computers (like those from Google and IBM) have only reached about 1,000 qubits — far below the estimated millions of error-corrected qubits needed to threaten SHA-256 using Grover’s algorithm. Estimates vary, but experts predict that:
- It could take 15 to 30 years to develop a quantum computer capable of running Grover’s algorithm at a scale that could weaken SHA-256.
- It may take even longer (if ever) to reduce security to a practically exploitable level, considering the need for fault-tolerant qubits.

4. Post-Quantum Cryptography

To prepare for this, researchers are working on post-quantum cryptography (PQC), which includes hash-based cryptography that quantum computers are unlikely to break. SHA-256 itself is not currently under immediate threat, but blockchain systems could eventually upgrade to quantum-resistant hashing algorithms (like SHA-3 or lattice-based methods).

👉 Conclusion

AI is unlikely to break SHA-256 directly. Quantum computers using Grover’s algorithm might weaken SHA-256 to 128-bit security, but this would require millions of qubits and may take 15–30 years (or longer) to become practical. Blockchain systems will likely adopt quantum-resistant algorithms before quantum computing reaches this level.
The banking sector does indeed use RSA and ECC for encryption and authentication. Shor’s algorithm also threatens these systems, no doubt, by factoring large primes or solving discrete logarithms. However, banks often employ layered security, including symmetric encryption and centralized key management. So my money is a few orders of magnitude safer in traditional banking environments.
Alright, let’s talk about Bitcoin and its potential quantum doomsday scenario—but with a bit of perspective. Right now, Bitcoin is like a medieval castle, fortified with cryptographic walls so strong that even the most advanced classical computers would need longer than the age of the universe to break in. But enter quantum computing, the rebellious new kid on the block, with a sledgehammer made of Shor’s Algorithm and an attitude that says, “Rules? What rules?”

What’s the Big Quantum Scare?

Bitcoin’s security relies heavily on elliptic curve cryptography (ECC)—which is fantastic against traditional computers but about as useful as a wet paper bag against a large-scale quantum computer running Shor’s Algorithm. This means:

1. Public Keys Become Sitting Ducks – Right now, your Bitcoin is safe because your private key is derived from your public key in a way that makes it mathematically impossible (for classical computers) to reverse-engineer. Quantum computers, however, could do this in minutes or hours—turning your public key into an open invitation for thieves.

2. The “Steal-it-if-it’s-not-moved” Problem – Bitcoin transactions expose public keys during a transaction. If a quantum attacker sees an unmoved Bitcoin sitting in a wallet with a known public key, they could extract the private key and take the funds before you do. It’s a classic game of “who types faster?”—except your opponent is an AI-enhanced, quantum-fueled speed demon.

3. 51% Attack on Quantum Steroids – If a sufficiently powerful quantum computer emerges, it could theoretically break Bitcoin’s mining algorithm (which uses SHA-256 hashing) more efficiently than classical miners. This could lead to quantum dominance in mining, allowing one entity to outpace the network and potentially manipulate transactions or double-spend.

So, Are We All Doomed?

Not really. Here’s the good news:

1. Quantum Computers Aren’t There Yet – The largest functional quantum computers today have a few hundred qubits and are mostly busy simulating molecules, optimizing logistics, and confusing undergrads. To break Bitcoin, you’d need a fault-tolerant quantum computer with millions of qubits, and we’re not even close. Experts estimate this could take 10-20 years at minimum—and that’s assuming breakthroughs that no one has figured out yet.

2. Post-Quantum Cryptography is Already a Thing – Smart people (the kind who do math for fun) are developing quantum-resistant cryptographic algorithms. Bitcoin developers are actively researching ways to upgrade the network to use post-quantum cryptography before quantum computers pose a real threat.

3. You Can Protect Your Own Bitcoin – If you’re worried, don’t reuse addresses. Use wallets that generate a fresh address for every transaction so that your public key never sits exposed for long.

4. Soft Forks and Upgrades – If quantum computing gets close to being a real problem, Bitcoin can implement a network-wide soft fork to switch to post-quantum cryptographic algorithms like lattice-based cryptography. The Bitcoin network has survived major upgrades before; this would just be a big one.

The Bottom Line

Right now, Bitcoin is safe, and quantum computers are more of a James Bond villain concept than an immediate apocalypse. The real risk isn’t waking up tomorrow to find Bitcoin wallets empty—it’s being too slow to adapt once quantum computing actually reaches a breaking point. Fortunately, Bitcoin’s decentralized development community is already preparing, so when the quantum revolution comes, it’s more likely to be a tech upgrade rather than a catastrophic event. Now, if someone does manage to build a million-qubit quantum computer tomorrow, well… we’ll have bigger problems than just Bitcoin.
It’s not as big of a threat to Bitcoin currently, since you can take some simple steps to protect yourself from long exposure attacks by using a P2PKH or P2WPKH address type and avoiding address reuse. With these address types, an attacker would need a significantly more advanced quantum computer that’s able to crack keys within the time from when a transaction is broadcast until when it is mined. We still have the time to flesh out an ideal solution that will have minimal impact on blockchain size. In an emergency situation, say if there was a quantum breakthrough tomorrow, it would be easy enough to implement a solution that would work, but is far from ideal. ECC deprecation isn’t recommended by NIST until 2030 still, and it’s likely we could see a soft fork for BIP-360 well before that, so there’s no point rushing out a solution now. Coins like QRL just exist to enrich their devs from FUD around quantum computing; while quantum concerns are valid, there’s no reason to panic yet, especially when people are working on solutions.
They are still working on figuring out the best solution. The major issue is that current quantum resistant signatures are significantly larger than ECC based signatures, and will likely require another witness discount or block size increase. It will also require extensive testing before it’s introduced to main net.
Quantum computing is definitely a long-term concern, but crypto isn’t doomed just yet. Most modern cryptographic systems, including Bitcoin and Ethereum, rely on elliptic curve cryptography (ECC), which could be broken by a powerful enough quantum computer. However, researchers are already developing post-quantum cryptography (PQC) to counteract this, and blockchain networks will likely upgrade when the time comes. For self-custody, using a Cypherrock cold wallet or other hardware wallets that can integrate PQC-resistant cryptography in the future is a smart move. Decentralized key storage, like Cypherrock's approach, already adds an extra layer of security against traditional hacks, and future firmware updates could further enhance protection against quantum threats.
According to the following paper Shor's algorithm actually *can* be used to break ECC as well: https://eprint.iacr.org/2017/598.pdf
The consensus mechanism and chain history aren’t vulnerable to quantum computing. Only the ECC cryptography used when signing transactions is vulnerable. Shor’s algorithm could theoretically be used by a powerful enough quantum computer to derive private keys from exposed public keys, so really old P2PK addresses and P2TR addresses are immediately vulnerable, and any P2PKH or P2WPKH or the script hash version of these addresses are safe for now unless addresses have been re-used. These addresses will be vulnerable if QC becomes fast enough that they can derive a private key from the public key while transactions from these addresses are still pending after they’ve been signed. What will be a lot of work is getting everyone to move their coins to the new quantum safe addresses once they’re available and before a quantum threat materializes.
Thanks ChatGPT. However, I believe this answer assumes a brute force attack. This answer, and this thread in general, is missing an important discussion on the chip's impact on identifying methods of factoring large primes which would break ECC.
1: Correct. Never said anything against that.
2: Also correct. See 1
3: Also correct. See 1

> Your 8-qubit processor

Mine? I don't have one. I'm on your side here. I'm fully aware that quantum computing is no threat to ECC for a long long while. I don't know why you bang on this, that was not the point I was disagreeing with you?
Asked chat GPT how I could crack Satoshi’s wallet with this 8 qubit processor and it gave me the following:

An 8-qubit processor is far from capable of breaking Bitcoin’s cryptography. Bitcoin’s security is based on elliptic curve cryptography (ECC) using the secp256k1 curve, which relies on the discrete logarithm problem—a problem that is currently infeasible to solve with classical or near-term quantum computers.

Why Your 8-Qubit Processor Won’t Work:
1. Quantum Volume Matters More Than Qubit Count – An 8-qubit processor has neither the coherence time nor the error correction needed for meaningful cryptographic attacks.
2. Shor’s Algorithm Requires Thousands of Logical Qubits – To break a 256-bit ECC key, you would need a fault-tolerant quantum computer with millions of physical qubits to account for noise and error correction.
3. Current Quantum Computers Are Not There Yet – The most advanced quantum processors today (as of 2025) are in the range of a few hundred physical qubits and are far from breaking ECC or SHA-256.

What Would Be Needed to Break Bitcoin?
• A large-scale, fault-tolerant quantum computer with at least 3000+ logical qubits (which translates to millions of physical qubits).
• A stable implementation of Shor’s algorithm for ECC, which is purely theoretical for now.
• Decades of advancements in quantum error correction and hardware.

Reality Check: Bitcoin remains safe from quantum attacks in the foreseeable future. If practical quantum attacks on ECC emerge, the Bitcoin network can upgrade to quantum-resistant cryptography (e.g., lattice-based cryptography) before any real threat materializes. If you’re interested in quantum computing, it’s more productive to explore fields like quantum chemistry, optimization, and cryptographic research rather than hypothetical attacks on well-secured systems.
I'm replying to you, rather than brtastic, because while he is technically correct, I feel as though you may benefit more from a more simplistic breakdown (please don't think I'm being condescending, this also helped solidify my knowledge gaps).

There are different cryptographic concepts/techniques which are easily confused because they can be used in different ways:

Public Key Cryptography: Is an asymmetric cryptographic system that uses a mathematically linked key pair (public and private keys). PKC has multiple applications beyond just securing data. It can be used for encryption, digital signatures, and key exchange. In encryption, the public key encrypts, and the private key decrypts (used in HTTPS, PGP). In digital signatures, the private key signs data, and the public key verifies authenticity (used in Bitcoin transactions and document signing).

Encryption: There are two types of encryption, but essentially encryption is the process of making data unreadable/unusable (encrypted) until it can be rendered usable again with a key (unencrypted):
Symmetric Encryption: Uses the same key for encryption and decryption.
Asymmetric Encryption: Uses a Key Pair, which are essentially mathematically intertwined keys (RSA, ECC) in which the encryption key is different than the decryption key.

Hashing: Hashing is a cryptographic process that transforms input data into a fixed-length string (hash) using a mathematical algorithm. It is a one-way function, meaning the original data cannot be reversed from the hash. Even a small change in the input produces a drastically different output. Hashing is used for data integrity verification, password storage, and proof-of-work in Bitcoin mining. Common hashing algorithms include SHA-256 (used in Bitcoin), MD5, and Bcrypt. Unlike encryption, hashing does not require a key and is meant for verification, not secrecy.

Hopefully that helps clear some of the concepts up, and explains what brtastic was saying.
The threat of quantum computing to cryptocurrency security isn’t just theoretical, it’s a real challenge the industry will have to face. Most blockchains today rely on SHA-256 and elliptic curve cryptography (ECC), both of which could be broken by quantum computers running Shor’s algorithm.... Large scale quantum attacks are probably a few years away, but waiting until the last minute to adapt could be a DISASTER... This is where Cellframe stands out. Unlike BTC, ETH or other major blockchains that will have to retrofit quantum resistance later (hard fork, shutting down the network for months...), where the transition will be complex and slow, Cellframe is already quantum safe. CELL uses NTRU lattice based encryption, one of the most secure cryptographic methods against Q threats. It’s a multi-chain platform designed for interoperability, scalability, and even decentralized services like VPNs. The problem is clear: once quantum computers become powerful enough, traditional blockchains will be vulnerable to key theft, double spending and identity spoofing. The solution is also clear. DYOR. NFA.
Bitcoin uses multiple cryptographic techniques for different aspects of its functionality:

# 1. Public-Key Cryptography (Elliptic Curve Cryptography - ECC)
* **Algorithm:** **Elliptic Curve Digital Signature Algorithm (ECDSA)**
* **Curve:** **secp256k1**
* **Purpose:** Used for generating Bitcoin addresses and signing transactions to prove ownership of funds.

# 2. Hash Functions
* **SHA-256 (Secure Hash Algorithm 256-bit)**
  * Used in Bitcoin mining and block hashing. Ensures integrity by linking blocks via cryptographic hashes.
* **RIPEMD-160**
  * Used in Bitcoin address generation (applied after SHA-256 to produce shorter addresses).

# 3. Proof of Work (PoW) and Mining
* **Algorithm:** **SHA-256 (double hash)**
* **Purpose:** Used in Bitcoin’s mining process for solving cryptographic puzzles to add new blocks to the blockchain.

# 4. Merkle Trees
* **Algorithm:** SHA-256
* **Purpose:** Efficiently verify transactions within a block without requiring the full blockchain.
Oh, if I didn't want to answer you, I'd just ignore you. Far in the future b/c someone has to troll the blockchain to find inactive addresses, then has to figure out how to crack their keys so they can provide credentials to move the coins at the inactive address to another place. So I figure it'll take a while, if only because of the difficulty of cracking the key. Nothing prevents someone from finding it; the hard part is cracking the key so that you can move it. If you can't move it, you can't engage in a transaction, so you can't buy anything. You'd have a lot of work to get the right key. Here's Gemini: "The Bitcoin blockchain primarily uses elliptic curve cryptography (ECC), specifically the "secp256k1" curve, to generate public and private key pairs, while relying on the SHA-256 (Secure Hash Algorithm 256-bit) hashing algorithm to encrypt data within blocks, ensuring data integrity and validating transactions on the network." A 256 bit key will take a hell of a lot of work to crack. That means there's 2^256 combinations of possible keys. Which... is a lot. So it would take a while to figure it out if you don't already have it. Yes, you can theoretically just guess the key, but you have a 1/(2^256) chance of that, which is very, very small.
Oh wow, I thought BTC used prime factorization but it's ECC. Thank you for the correction.
Simply put, they are wallets that are quantum-resistant. From the user's perspective, Dilithium wallets would behave functionally the same as the current ECC wallets.
How do you guys feel about that new Google quantum chip? Did some research and some people said that it would take millions of physical qubits to break ECC and SHA, but others said it would only take 2500 physical / logical qubits. Currently Google's chip, Willow, only has 105 physical qubits, but many think reaching 2500 can be easily achieved in 5 years. Meanwhile many think that bitcoin can shift to a quantum resistant cryptographic algorithm, but others say it is inherently not possible. Thoughts?
Quantum computers can't do *everything* faster than classical computers. In fact, they're much slower than classical computers at almost everything. But, there are some specific types of problems that they're theoretically better at than classical computers. In particular, they're able to solve the math that underpins the RSA and ECC algorithms, which are what pretty much everyone currently uses for digital signatures and key exchanges. Bitcoin mining is based on hashing. Although quantum computers can theoretically have an advantage at hashing, it isn't the kind of advantage they have with RSA/ECC, and it isn't enough to really be a problem. The mining difficulty can simply adjust (which happens automatically) to compensate for whatever advantage quantum computers might have. For Bitcoin, the only serious problem an advanced quantum computer would pose is the ability to crack the private key during the vulnerable window of time between when bitcoins are sent out of an address and when that transaction is confirmed on the blockchain. Beyond that, as long as you don't reuse the address, your bitcoins should be safe.
It’s going to happen. Bitcoin uses ECC for security, which is susceptible to hacking from quantum computers. When? Nobody knows. But it will go from hero to zero one day. It’s inevitable with any crypto. I’m not saying there’s a safer way to place or invest your money. I’m just saying it will happen one day. Maybe next month. Maybe 10 years from now.
Top secret and gov data is already post-quantum and redacted when using less secure channels. The weakest data is mobile traffic. As soon as browsers start deprecating ECC, it's time for everyone to update their passwords and certificates. The traditional Internet can adopt. Blockchains can't without invalidating existing private keys.
You can’t know those coins are lost, they could just be the ultimate diamond hands hodlers. From what I understand (which is not much) it is ECC, not SHA256, that is at risk of being broken by quantum computers, so as long as lost coins are not in addresses that have been reused (where their public key has been exposed), even advanced quantum computers would still require billions of years to brute force the private keys.
No, there are loads of addresses with significant amounts of BTC with known public keys. (This article says there are 1.7M BTC in P2PK addresses: https://unchained.com/blog/bitcoin-address-types-compared/) If there was a quantum computer capable of reversing ECC public key to private key I'd expect them to do something more significant. They could attack cryptography fundamental to the internet. They could attack Bitcoin transactions in flight (e.g. to send the BTC to their own addresses). They could move that 1.7M BTC. So I'd expect an attacker to steal a bunch of Bitcoin and turn it into real estate, yachts, gold etc and then sell the quantum computer to someone that wants to destroy Bitcoin and/or the internet. Then live happily ever after. This seems like someone remembering or finding an old key. Probably they just got out of prison.
That's a misconception. The issue here is with private/public key signing which is asymmetric. "Most asymmetric encryption methods (public-key crypto, such as RSA encryption or Elliptic Curve Cryptography (ECC)) are vulnerable to quantum attacks." You're thinking of symmetric encryption (such as AES) which is considered safe assuming the key size is appropriate. So blockchain history is fine, but many many wallets can be cracked. https://www.quintessencelabs.com/blog/why-we-need-post-quantum-cryptography-or-quantum-safe-algorithms
Folks like this are going to get slaughtered when it's finally leaked that ECC and SHA have been compromised. Every bitcoin wallet is based on a public/private keypair generated with ECC and SHA. The entity able to crack these ancient (in tech terms) algorithms will be able to generate your private key from your public key. All bitcoin wallets will require user intervention to 1) generate a new wallet with an updated cryptographic technology and 2) send their funds to the new address. People will just sell. It's only a matter of time. Tick tock. In the meanwhile, enjoy the party!
If they broke sha256, they can't steal anyone's coins. Your coins in your wallet are not protected by the hashing algorithm used to mine coins. The risk with it being broken, is a malicious actor takes over the block production and honest miners can't keep up, so they could pick and choose which transactions are allowed through. So you can't move your coins, but they can. If ECC is broken, everything is fucked, not just bitcoin.
Nope. I mean, you could change the block chain code to only use keypairs generated with a new and secure algorithm, but you can't automatically update all those millions of keypairs that were generated with ECC and SHA to a new tech. Each individual Bitcoin investor will have to generate a new wallet with the new tech and send his funds to it. Chaos.
The black swan that takes it to zero: You wake up to news reports that a government whistleblower has credibly leaked that some security agency has cracked ECC and SHA. This means that they're able to generate your private keys from your public keys. There is no way to update all keypairs to a new cryptographic algorithm. Each crypto holder has to create a new wallet with new keys based on a new tech. Then send their bitcoin to the new wallet. Most will just sell "to be safe". Except they won't be able to sell because everyone else will be selling. Doomsday. Until that day, the party continues! Party on, dudes! Ps. You think this will never happen? The Germans thought Enigma was uncrackable too. How'd that work out for them?
I was born in the mid-70s and have worked as a system engineer for more than a decade. I use distributed storage, linked list structures, PKI, RSA or ECC every day, but I never thought of inventing something like this. So when I first saw the Bitcoin white paper, I knew the value of this thing. It has nothing to do with age, but more to do with experience and cognitive ability.
I agree, the quantum technology is growing exponentially and it won’t be long before error correction becomes more efficient. I’m pretty sure it’s 2330 logical qubits needed for Shor's algorithm to break ECC.
Whilst they are not the only one taking action, it does seem that Qanplatform have an edge when it comes to their quantum resistant technology and how they are implementing it to support existing ECC wallets.
A Bitcoin private key (ECC key) is an integer between one and about 10^77. This may not seem like much of a selection, but for practical purposes it’s essentially infinite. If you could process one trillion private keys per second, it would take more than one million times the age of the universe to count them all. Even worse, just enumerating these keys would consume more than the total energy output of the sun for 32 years. This currently is far out for now but maybe with time!
There are known quantum resistant algorithms that we can adopt, but they have a higher cost in terms of compute (and possibly storage?) and have not been studied/battle hardened as well as ECC. Signal recently adopted an approach where they layer a new quantum resistant algorithm (CRYSTALS-Kyber) on top of ECC, so that if there are known flaws in CRYSTALS-Kyber, we can in a sense "fallback" to ECC. This is primarily because, if messages are being captured/stored, in 10-20 years we don't want theoretical future quantum computers to be able to as easily decrypt our present day communications en masse, so it's worth the extra overhead. With Bitcoin, space in the blockchain is somewhat precious, but we're not vulnerable until a practical quantum computer is developed, so we don't benefit as much from taking a similar approach today. We pay the price for the protection today, but we don't need it until some TBD "tomorrow". When the time comes where we can see vulnerability on the near horizon, it's very likely that we'll need to hard fork the chain and have a grace period where folks can migrate their existing ECC wallets over to a new scheme, and then at some point we'll need to consider un-migrated wallets to be frozen/burned forever. Or at least, that's my speculation. It'll be a fascinating time, since we would rather quickly find out how many current wallets are well and truly lost, as well as possibly learn whether Satoshi is still out there and wishes to retain access to their stash.
The problem comes when you look at the kind of qubit. One of the biggest problems with most hardware implementations (not photonics though) is that they couple to the environment which decoheres them. The qubits are noisy and the current batch of designs are known as NISQ (noisy intermediate-scale quantum) devices. In order to do accurate calculations requires either better isolation from the environment which is next to impossible, or else multiple qubits can be combined to form a "decoherence free subspace" using various error correcting codes like Calder codes to deal with the problem (similar to how checksums and other ECC works in classical computers). This typically requires 7 - 10 physical qubits per corrected logical qubit. Your next problem is scaling and there are many other problems that are dependent on the underlying physical qubit type. It will only be disruptive over decades imo.
It's your private/public key where the weakness lies. ECC is easily broken by quantum computing, which is why major business and government are already preparing. NIST has advised all systems to start preparing now. Check out Linux post quantum computing association. Nvidia, IBM, AWS, Google are there. They get it. There's about 20 members. 2 blockchain members include QANPlatform and QRL. While it would be great if bitcoin could implement similar solutions, it really is hard if not starting with a fresh chain.
Here's how: go to the bitcoin chart. Click on "ALL" then click on "LOG". What you'll see is almost the perfect graph of y=log(x). As Elon would say, "Let that sink in". Just don't think about what happens when it finally leaks that the NSA cracked ECC and SHA. Have a great weekend!
It's not arbitrary at all. I chose 4 year for Bitcoin for obvious reasons, and for MSFT, I'm looking at the annual change over its entire history. USD has no impact on the relative growth of MSFT and BTC. I could just as easily compare MSFT to GE, but that makes no sense (much like you yourself are making). A cheap quantum attack on SHA256 makes Bitcoin worthless. If you don't understand that, you don't understand Bitcoin. Meanwhile, a quantum attack on SHA256 does not impact Microsoft at all. Not only can they change hashes whenever they want, they generally rely on more modern algorithms like ECC already. Where's your citation for Saylor's investment portfolio? How do you know (provide links) what he's invested in? Your ignorance is laughable.
Please keep in mind that bit-size is a meaningless metric without an encryption protocol. A 256-bit ECC key is equivalent in strength to a 3072-bit RSA key
Because by definition: Cryptography is the art of using various methods/patterns and algorithms for encryption and decryption, as well as others such as digital signatures, hashes etc. etc. you get the point. Cryptocurrency is simply a digital currency that uses various cryptographic primitives (such as ECDSA) to securely facilitate verifiable digital transactions in a non-interactive fashion. These are two very different concepts. While yes, cryptocurrency uses cryptography, it’s not built upon unique mathematical concepts/constructs except for a select few shit coins/privacy coins utilizing novel constructs. Developers will need to switch from ECDSA/ECC to ML-DSA-44 (Level 1 - 128-bit security), ML-DSA-65 (Level 3 - 192-bit security) and ML-DSA-87 (Level 5 - 256-bit security). These are all based on the CRYSTALS-Dilithium method for digital signatures.
This is nicely done, upvote worth material. Just to nit pick on you. This does not prove you do not have the private key, it rather says that it is computationally infeasible for you to have it unless you broke ECC or got very lucky. In other words, ECDSA does have some model assumptions and those are not unbreakable in theory.
imagine the formula (x*7)%10. By incrementing x from 1, you get: 7, 4, 1, 8... 10 would be the keyspace, your address could be anything from 0 to 9. And 7 would be your seed number. A wallet increments x to give you as many addresses as you need. The keysize for Bitcoin is obviously way more massive than 10, we use ECC instead of modular arithmetic and your seed is much bigger and harder to guess than 7. Regarding the ability to check your balance, using ECC, we can actually take the master private key derived from your seed words, get the associated public key, and from there we can generate all the addresses without being able to calculate their spending private keys. We take this public key (called an extended public key) and call it XPUB. Many wallets can import an XPUB and become a "read only" wallet. They can help you check your balance, see your historical transactions, without compromising funds.
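The "read-only wallet" mechanism the comment above describes (deriving child public keys from an extended public key without ever touching the spending keys) can be shown end to end with a few lines of elliptic-curve arithmetic. The block below is an added example, not code from the comment or from any wallet; it follows the BIP32 structure for non-hardened children (HMAC-SHA512 over parent public key || index, first 32 bytes used as an additive tweak) but is a teaching implementation only: no extended-key serialisation, depth, fingerprint or checksum. The master private key and chain code are constructed constants, not real wallet material.

```python
"""Watch-only (xpub) child-key derivation on secp256k1, added example.

Wallet side:     child_priv = parent_priv + tweak (mod N)
Watch-only side: child_pub  = parent_pub + tweak*G
Both sides compute the same tweak because it depends only on the parent
*public* key, the chain code and the index; the private key is never needed
to derive the public children.
"""
import hashlib
import hmac

# secp256k1 domain parameters (field prime, group order, generator)
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def point_add(a, b):
    """Affine point addition; None is the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None                      # a == -b
    if a == b:                           # doubling: tangent slope
        lam = (3 * a[0] * a[0]) * pow(2 * a[1], -1, P) % P
    else:                                # chord slope
        lam = (b[1] - a[1]) * pow(b[0] - a[0], -1, P) % P
    x = (lam * lam - a[0] - b[0]) % P
    y = (lam * (a[0] - x) - a[1]) % P
    return (x, y)


def scalar_mult(k, point):
    """Double-and-add scalar multiplication; k is reduced mod N."""
    k %= N
    result, addend = None, point
    while k:
        if k & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        k >>= 1
    return result


def pubkey(priv):
    return scalar_mult(priv, G)


def ser_compressed(point):
    """33-byte compressed encoding: 0x02/0x03 prefix + x coordinate."""
    prefix = b"\x02" if point[1] % 2 == 0 else b"\x03"
    return prefix + point[0].to_bytes(32, "big")


def _tweak(parent_pub, chain_code, index):
    """Shared derivation step; hardened indices need the private key."""
    if index >= 0x80000000:
        raise ValueError("hardened index: not derivable from a public key")
    data = ser_compressed(parent_pub) + index.to_bytes(4, "big")
    i = hmac.new(chain_code, data, hashlib.sha512).digest()
    tweak = int.from_bytes(i[:32], "big")
    if tweak >= N:
        raise ValueError("invalid tweak for this index, skip it")
    return tweak, i[32:]


def derive_child_priv(parent_priv, chain_code, index):
    """Spending wallet: has the private key, derives the child private key."""
    tweak, child_cc = _tweak(pubkey(parent_priv), chain_code, index)
    return (parent_priv + tweak) % N, child_cc


def derive_child_pub(parent_pub, chain_code, index):
    """Watch-only wallet: has only the xpub material, derives child public keys."""
    tweak, child_cc = _tweak(parent_pub, chain_code, index)
    return point_add(parent_pub, scalar_mult(tweak, G)), child_cc


# Constructed demo values, NOT real wallet material.
MASTER_PRIV = int.from_bytes(hashlib.sha256(b"demo master key").digest(), "big") % N
MASTER_CC = hashlib.sha256(b"demo chain code").digest()


def demo(n_children=3):
    """True if the watch-only side reproduces the wallet's public keys."""
    master_pub = pubkey(MASTER_PRIV)
    for i in range(n_children):
        child_priv, _ = derive_child_priv(MASTER_PRIV, MASTER_CC, i)
        child_pub, _ = derive_child_pub(master_pub, MASTER_CC, i)
        if pubkey(child_priv) != child_pub:
            return False
    return True


if __name__ == "__main__":
    print("watch-only derivation matches wallet:", demo())
```

The security caveat a practitioner should take from the code: because `child_priv = parent_priv + tweak`, leaking any one non-hardened child private key together with the parent xpub (which yields the tweak) exposes the parent private key and therefore every sibling. That is why real wallets use hardened derivation (`index >= 0x80000000`, rejected here) for the account level and only expose the xpub below it.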
It may not be a hack but a response to the fact that quantum computing is advancing faster than expected. Quantinuum just achieved a mind-blowing ratio of 12 logical qubits on only 56 physical, and is expecting to be at hundreds of logical qubits by 2029. Shor's breaks ECC at around 1500. And the core devs don't seem to think it's an issue worth worrying about now. The wallets may simply be getting out before fear starts setting in.
Without a trustworthy trapdoor function, none of this would work. SHA-2 was the foundational innovation that unlocked Hashcash/BTC. I would also argue that hashing algorithms are inherently more secure against QC than any kind of public-private key cryptography, since there isn't a fixed 1-to-1 pairing (infinite inputs resulting in finite outputs). ECC or any other discrete log encryption scheme is going to need replacement before SHA. Which is good, because SHA is the algo currently burned onto all of the ASICs.
Quantum computing breaking ECC256 & the ability to derive private key from public key.
It's open source, and surprisingly simple under the hood. Not much to attack. The security is derived from SHA-256. Hashing algos are what fundamentally made BTC possible. It is just a novel use of partial hash collisions, the real innovations have been piling up for years behind the scenes (ECC/proof-of-work). It really is as strong as everyone says it is. And far more secure than any other financial network on Earth.
Both ECC and RSA are vulnerable. There is a reason NIST released new standards
The year that people were commonly predicting for 256 bit ECC being at risk was 2030-2031, with increasing risk per year. The estimates among experts familiar with the papers described here are now estimating 2026-2027, with a slim possibility of 2025. More: https://quantumevm.com/article/quantum-algorithm-litinski
This stems from the fact that unused addresses are protected by SHA-256 and RIPEMD-160, while a used private key that is exposed to the blockchain is vulnerable to Shor's algorithm due to using elliptic curve cryptography. However, even SHA-256 and RIPEMD-160 are not immune to quantum attacks and they are also vulnerable to Grover's algorithm (which is less dramatically impactful than Shor's, but still an issue to consider), and while they may be MORE resistant to CERTAIN quantum attacks than ECC, no cryptographic algorithm is truly "quantum-resistant" at this time, including Bitcoin addresses with private keys that have never been used and exposed to the blockchain. For these reasons, the community is actively researching REAL quantum-resistant alternatives. It is definitely safer to use a new address every time, but it is a mistake to assume that an unused address with SHA-256 or RIPEMD-160 cannot be breached by a sufficiently powerful quantum computer. That is not the case and is a common misconception. BUT it is currently our best practice option until a real solution is presented...but the fact is that we will eventually need some kind of change to protect against quantum computing. We cannot keep things exactly as they are now without high risk in the long term. I hope that helps to clarify.
Yes, there is a real risk that the elliptic curve cryptography (ECC) of the bitcoin protocol will be broken by quantum computing in the next 5 to 10 years. Read this to learn more about the issue: [https://arxiv.org/pdf/1710.10377v1](https://arxiv.org/pdf/1710.10377v1) The bitcoin ECC algorithm is less quantum resistant than the classic RSA algorithm, which is used in the HTTPS protocol for example.
> **Diversifying your 2018 investment portfolio with high risk and low risk coins** > Put $10k into high risk high return coins XSPEC, SUMO, ECC, ODN, BNTY, SNOV > Put $15k into medium risk medium return (10x) coins, COSS, POE, PRL, DBC, ENJ > Put $5K into low risk, low return (3x-10x) coins Bitcoin, Ether, Nano, VEN, IOTA, BNB https://np.reddit.com/r/CryptoCurrency/comments/880ixl/diversifying_your_2018_investment_portfolio_with/ I remember so many of this kind of posts from 2018 to 2020.
Our current cryptography (RSA, ECC) is vulnerable to quantum attacks. I guess adopting post-quantum cryptography is essential to secure our digital communications and transactions, no?
Very interesting history. Thanks for pointing out ECC along with RSA.
You act very confidently and aggressive, dare I say. Yet all this posturing rests on that tiny "if" the current paradigm is broken. Small thing. Reversing the hash, as you put it, is the real problem. QC cannot do that, it "only" breaks ECC. But IF that paradigm is broken, your pads are useless because I'm going to drain your bank account directly through online banking. And then some more, since the SHA that wraps a Bitcoin public key is the same used all over. So IF the current paradigm is broken, unless you have gold only and bullets aplenty, you're just as much of a bag holder. Also, Bitcoin's public keys are hashed twice, just in case. And for the love of everything cryptographic, stop throwing vaguely related issues like P and NP out there. Won't even impress armchair cryptographers.
There are a few quantum resistant encryption schemes on the way:

# 1. Lattice-Based Cryptography:

* **How it works**: Lattice-based cryptography uses the hardness of certain mathematical problems related to lattices (geometric structures in multi-dimensional spaces). The security of lattice-based schemes relies on finding short vectors in high-dimensional lattices, which is believed to be difficult for both classical and quantum computers.
* **Quantum resistance**: Quantum computers are not expected to have a significant advantage in solving lattice problems due to their design. They would need exponentially more qubits (quantum bits) and operations to break lattice-based cryptography compared to classical computers. This makes lattice-based schemes a strong candidate for post-quantum security.

# 2. Code-Based Cryptography:

* **How it works**: Code-based cryptography uses error-correcting codes where encoding and decoding messages involve solving specific mathematical problems, such as the syndrome decoding problem. These problems are computationally hard and believed to resist attacks from quantum computers.
* **Quantum resistance**: Quantum computers are not known to efficiently solve problems related to error-correcting codes used in code-based cryptography. The algorithms used in this approach are designed to be resistant to quantum attacks by leveraging the complexity of decoding techniques.

# 3. Hash-Based Cryptography:

* **How it works**: Hash-based cryptography relies on hash functions, which are mathematical algorithms that convert input data into a fixed-size string of bits (the hash value). It uses properties such as collision resistance, where it's hard to find two different inputs that produce the same hash value.
* **Quantum resistance**: Quantum computers can theoretically perform faster searches for collisions or pre-images (finding an input that matches a given hash value). However, cryptographic hash functions like SHA-256 are designed with sufficiently large output sizes and complex structures that make finding collisions infeasible, even for quantum computers.

# 4. Multivariate Cryptography:

* **How it works**: Multivariate cryptography uses systems of multivariate polynomial equations for encryption. Solving these equations to break the encryption requires finding solutions in a large space of possible inputs, which is computationally intensive.
* **Quantum resistance**: Quantum computers face challenges in efficiently solving systems of multivariate polynomial equations due to the complexity of operations involved. The security of multivariate schemes relies on the difficulty of solving these equations, which current quantum algorithms are not expected to significantly expedite.

# Summary:

* **Common theme**: All these quantum-resistant cryptographic approaches rely on leveraging mathematical problems that are believed to be hard for quantum computers to solve efficiently.
* **Quantum advantage**: Quantum computers do not provide a substantial advantage in breaking these types of encryption compared to classical computers, ensuring robust security even in the future quantum computing era.
* **Development**: Ongoing research and standardization efforts aim to further develop and refine these cryptographic techniques to enhance their efficiency and applicability in securing digital communications and data against potential quantum threats.

The real threat from quantum computing is to RSA encryption and ECC. AES-256 will still be fine so long as the password has enough entropy, such as above 100.
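The hash-based family listed above is the one whose security argument can be shown in a few lines: a Lamport one-time signature needs nothing but a preimage-resistant hash, and its weakness (one use per key) is just as visible. The block below is an added example, not code from the comment above or from any standardised scheme; SPHINCS+ and XMSS, the hash-based schemes that were actually standardised, put Merkle trees and few-time signatures on top of this basic idea. Keys come from `os.urandom`, and the signed messages are constructed here.

```python
"""Lamport one-time signature over SHA-256, added teaching example.

Private key: 256 pairs (s_i0, s_i1) of random 32-byte strings.
Public key:  the SHA-256 of each of those 512 strings.
Signature:   for each bit b_i of SHA-256(message), reveal s_i,b_i.
Verify:      hash each revealed value and compare with the matching public entry.
"""
import hashlib
import os

H = hashlib.sha256
BITS = 256  # one secret pair per digest bit


def keygen():
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(BITS)]
    pk = [(H(a).digest(), H(b).digest()) for a, b in sk]
    return sk, pk


def _digest_bits(message):
    """SHA-256(message) as a list of 256 bits, most significant first."""
    d = int.from_bytes(H(message).digest(), "big")
    return [(d >> (BITS - 1 - i)) & 1 for i in range(BITS)]


def sign(sk, message):
    """Reveal one preimage per digest bit. A key must sign exactly ONE message."""
    return [sk[i][bit] for i, bit in enumerate(_digest_bits(message))]


def verify(pk, message, signature):
    if len(signature) != BITS:
        return False
    return all(H(s).digest() == pk[i][bit]
               for i, (s, bit) in enumerate(zip(signature, _digest_bits(message))))


def leaked_fraction(sk, messages):
    """Fraction of the 512 secret values exposed by signing these messages.

    One signature reveals exactly half. Two signatures on different messages
    reveal more than half, and an attacker holding the revealed values can
    forge a signature on any message whose digest bits all fall in that set.
    """
    revealed = set()
    for m in messages:
        for i, bit in enumerate(_digest_bits(m)):
            revealed.add((i, bit))
    return len(revealed) / (2 * BITS)


def demo():
    """Returns (valid, tampered_accepted, fraction_leaked_by_reuse)."""
    sk, pk = keygen()
    msg = b"constructed message: pay 1 coin to bob"      # constructed sample
    sig = sign(sk, msg)
    valid = verify(pk, msg, sig)
    tampered_accepted = verify(pk, b"constructed message: pay 9 coin to bob", sig)
    leaked = leaked_fraction(sk, [msg, b"constructed second message, same key"])
    return valid, tampered_accepted, leaked


if __name__ == "__main__":
    ok, forged, leaked = demo()
    print(f"valid={ok} tampered_accepted={forged} leaked_by_reuse={leaked:.3f}")
```

Two practical points follow from the code. Sizes are the cost of this family: the public key is 512 × 32 = 16 KB and every signature is 256 × 32 = 8 KB, which is why the standardised schemes trade hash calls for bandwidth with Winternitz chaining and Merkle trees. And the only quantum-relevant assumption is preimage resistance of SHA-256, which Grover's algorithm weakens to roughly 128-bit work rather than breaking outright, the point the comment above makes about hash-based schemes.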
No it can't, not simply. This is a massive undertaking that will be a minimum of 5 years assuming the core devs can even come to consensus on which algorithm to use There's a real chance we have a sufficiently capable quantum computer by then (IBM says they should have one by early 2030s) running Shor's algorithm which can crack ECC - what BTC, ETH, and all other cryptos are using for their signature scheme. The only projects that have even mentioned it are ETH and ALGO but are still using ECC. Vitalik even said in his blog post that ETH will wait for a quantum attack to occur, then perform a rollback which will damage the immutability of the chain. https://ethresear.ch/t/how-to-hard-fork-to-save-most-users-funds-in-a-quantum-emergency/18901 QRL is leading the small subset of coins actively addressing this problem of being quantum secure from genesis. Bitcoin cannot simply fork to solve the problem
Sure. I suppose that would break all encryption, including blockchain security. I consider quantum computing breaking ECC (using supercomputers) to be a gray swan event that could occur in 100 years, but solving the Riemann Hypothesis seems near-impossible.
No bud. Just no. Below are the network & hardware reqs for an RPC node. Source: https://docs.solanalabs.com/de/operations/requirements

Networking: Internet service should be at least 1GBit/s symmetric, commercial. 10GBit/s preferred.

Hardware Recommendations

The hardware recommendations below are provided as a guide. Operators are encouraged to do their own performance testing.

CPU
* 12 cores / 24 threads, or more
* 2.8GHz base clock speed, or faster
* SHA extensions instruction support (AMD Gen 3 or newer, Intel Ice Lake or newer)
* AVX2 instruction support (to use official release binaries, self-compile otherwise)
* Support for AVX512f is helpful

RAM
* 256GB or more
* Error Correction Code (ECC) memory is suggested
* Motherboard with 512GB capacity suggested

Disk
* PCIe Gen3 x4 NVME SSD, or better
* Accounts: 500GB, or larger. High TBW (Total Bytes Written)
* Ledger: 1TB or larger. High TBW suggested
* OS: (Optional) 500GB, or larger. SATA OK
* The OS may be installed on the ledger disk, though testing has shown better performance with the ledger on its own disk
* Accounts and ledger can be stored on the same disk, however due to high IOPS, this is not recommended
* The Samsung 970 and 980 Pro series SSDs are popular with the validator community

GPUs
* Not necessary at this time
* Operators in the validator community do not use GPUs currently

RPC Node Recommendations

The hardware recommendations above should be considered bare minimums if the validator is intended to be employed as an RPC node. To provide full functionality and improved reliability, the following adjustments should be made.

CPU
* 16 cores / 32 threads, or more

RAM
* 512 GB or more if account-index is used

Disk
* Consider a larger ledger disk if longer transaction history is required
* Accounts and ledger should not be stored on the same disk
>RAM >256GB or more >Error Correction Code (ECC) memory is suggested >Motherboard with 512GB capacity suggested Okay Solana :D
Well it's not only FUD, it's also false. First, we do not know if QC of that power are even viable to exist. That is still an open question. Then, let's assume that this question is resolved positively, that is that someone at some point finds a way to create such a powerful QC that could produce the signature without having the private key. Advancements like this do not happen overnight. Computers of all kinds are incrementally improved and since we are talking about many orders of magnitude, we would first hear about QC being able to break weaker forms of cryptography long before there would be one strong enough to break ECC used in Bitcoin. What that means is that we would have enough time to apply a softfork to introduce quantum resistant schemes to protect the coins. And while there is a separate problem with coins that would not upgrade (e.g. lost coins), there have already been discussed schemes based on zero knowledge proofs of having the correct seed that would protect even those coins with a softfork. It's not 100%, but it's close enough. So for all active users, QC will be a non-issue, i.e. Bitcoin is safe. For some of the unupgraded/lost coins, the attacker could possibly spend them and create a temporary disruption of the market, not unlike we've seen with MtGox, FTX and others. And yet, Bitcoin always recovered from this in somewhat short time. Arguably, Bitcoin is safer than physical gold as it is very hard to move the gold, so you are often stuck to a location, or have a great risk of losing it. And since nation states are arbitrary about changes in their laws, this property makes gold quite insecure for the future in many places in the world including US and EU.
Most of them post data like this: * L1 or DA Layer: Gets only the hashes of the transactions. * DA Committee: Gets transaction data and hashes. Keep in mind that Validiums are not all the same. I'm not sure why you mentioned all of that mumbo jumbo about elliptic curve cryptography since it seems irrelevant to understanding Validiums. Rollups don't have to use ECC.
This is not strictly true. The upgrade from RSA to ECC on the card networks took years. The NSA monitors the resilience to attack of encryption methods. I would imagine that there are few quantum computing sites with the facilities, let alone know-how, to mount a credible attack. Those that will be monitored by the NSA, if not, they should be.
While you got some things right you forgot one key thing for the attack to succeed. First you need a quantum computer with 6x qubits of the key length for ECC, which means for bitcoin that uses 256-bit keys, you’ll need 1536 qubits. That’s not a small feat, and I won’t get into the details but it’s not coming in 5 years that’s for sure. Second and most importantly you’ll need a public key to try this attack, and this information is not disclosed until you send bitcoin from an address. The address is a hash derived from the public key, and cannot be reversed of course. Basically if you just use an address to accumulate bitcoin, it’s not vulnerable to quantum computers, until you send bitcoins from it. That’s why it’s a recommendation to not reuse addresses and always generate new ones.
20 funds selected for monthly dividend distribution:

Fund Ticker ..... annual Yield
* ECC ..... 18.73%
* ACP ..... 17.7%
* CRF ..... 17.67%
* SVOL ..... 16.27%
* IGR ..... 13.64%
* RYLD ..... 11.9%
* RIV ..... 12.77%
* RYLD ..... 11.51%
* THW ..... 11.13%
* MORT ..... 10.71%
* XYLD ..... 9.47%
* SPE ..... 8.5%
* ETJ ..... 8.3%
* EXG ..... 8.16%
* LGI ..... 7.88%
* JEPI ..... 7.24%
* AMZA ..... 7.17%
* EINC ..... 3.49%

Almost pure ETFs. Some closed ended funds. Main theory behind it was to promote DCA. All the dividends get reinvested to rebalance the portfolio to an even 5% split across 20 funds. I'll prune out the closed ended funds this year and rebalance for a pure ETF portfolio. But again, this is about 50% of my brokerage account. When these funds exceed the allocation for it, the dividends buy BTC ETFs and other growth focused ETFs that may have quarterly, annual, or no dividend at all.
Supercomputers cannot break 128-bit cryptography, that is like guessing the one correct atom in the visible universe, and guessing has a cost of energy and computation. However, quantum computers could break ECC cryptography, although all indications point to that being far away or perhaps not possible given the current rate of errors. Bitcoin may need to eventually adopt quantum-secure digital signature schemes, but all lost or unmoved coins could be stolen.
Depends on what you're thinking about. I don't think quantum computers will overtake bitcoin mining. It would simply cost too much. One thing I tend not to hear actually is about how efficient quantum computing is compared to bit computing. For sure it will be faster, but how much power does it take to reach that speed? If we're talking about cracking addresses, there's SHA256, there's the ECC algorithm, there's usually some SHA512 in HD wallets (which is basically all wallets now). So cracking an address is hard and cracking a wallet is even harder. I just don't think it's worth being worried about right now.
One of the most significant threats quantum computers pose to SHA-256 is their ability to efficiently perform Shor’s algorithm. Shor’s algorithm can factor large numbers exponentially faster than the best-known classical algorithms, which could compromise the security of widely used encryption methods like RSA and ECC. These encryption methods often rely on the difficulty of factoring large numbers for their security. Quantum computers also threaten the security of hash functions like SHA-256 by utilizing Grover’s algorithm. Grover’s algorithm can search unsorted databases quadratically faster than classical algorithms, making brute-force attacks on hash functions more feasible. While a 256-bit hash is still considered secure against classical attacks, it is theoretically as secure as a 128-bit hash against quantum attacks.
Depends how well grounded you are in computer science and cryptography. As a software engineer, I was able to comprehend the paper the first time I read through it, and then diving in to the Bitcoin Core code solidified it all even more. I still don't understand ECC math but I do trust that the cryptography is strong.
I also wondered if there is a proof for addresses which cannot have a private key. Where do you have this address from? Link? I guess it falls mathematically into the same category as the elliptic curve cryptography (ECC). BTC relies on the discrete logarithm problem, but there is also no proof for this. So in this sense BTC is as "risky" as the famous N vs NP problem. If you think N=NP, then you should not buy BTC 😎
Hmmm this is what I was thinking as well, sounds like the best possible 'solution'. Backward compatibility is a pretty core feature of Bitcoin, at a minimum it would create another fork, but I don't know how else to do it if ECC and SHA 256 are compromised then those stashes of old coins will crash the market hard. But Bitcoin would still survive, so what's worse, a massive market crash or requiring everyone to recreate their private keys or forfeit their funds.
BTW the ECC algorithm used by BTC, ETH, etc. is also constant-time.
76302 0xD85C478106D15ECC391409cc212b36Fd07e7B6BD
1. 428,929 2. 0x346ca5B85a0eec8FA0ECC59fd0b5aea6Da184055
I mean obviously you bought it already and are now trying pump it by posting here...we aren't completely gullible! But I'm glad to have given you some key words to search for. It seems sensible to get a basic understanding of cryptography if you want to invest in quantum resistance projects... otherwise you're just going to get tricked by scammers using impressive sounding buzzwords. A good place to start would be CloudFlare's introduction to ECC: https://blog.cloudflare.com/a-relatively-easy-to-understand-primer-on-elliptic-curve-cryptography/
SHA-256 is a hashing algorithm. It is not encryption. iMessage used RSA and ECC. Bitcoin private keys use ECDSA. QC is less of a threat to mining and double SHA-256 hashes than to ECDSA, since there's a difficulty adjustment as well. So no QC "51% attack soon." SHA-1 is bad, SHA-2 still works, and SHA-3 like Keccak has already existed for a decade. There is no encryption in Bitcoin, so there's nothing to replace like what Apple is doing.
It all started with ECC, but that is predated by RSA, so in 1977 Ron Rivest, Adi Shamir and Leonard Adleman... but wait, if you don't mind me taking a 30-second, maybe half-minute, detour, we should first look at prime numbers and the persona of Pythagoras... but to get there, did you know that the Rhind Mathematical Papyrus, from around 1550 BC, has Egyptian fraction expansions of different forms for prime and composite numbers?
> it's not as secure as a long password of random characters. It's every bit as secure *if it has the same entropy*. Which is *exactly* what a mnemonic in a deterministic wallet is about. It may be just a series of unaltered words from a limited dictionary, but it still has 128–256 bits of security. And it's easier to remember. Applying that to your example (), you could take 421 bits of entropy, pad them with 8 checksum bits, and turn them into 39 words from a 2048-word dictionary, and have something just as secure. And not need to be a savant to remember it. But 421 bits is pretty extreme, IMO. You're ignoring that Bitcoin keys have only 128 bits of security (because of a known attack on ECC), so no wallet password is going to provide protection much better than that.
Apologies if I've misunderstood what you're expressing here, but looking at the *NSA kleptographic backdoor in the Dual_EC_DRBG PRNG* section you pointed out, we read: "(NSA) inserted a backdoor into a pseudorandom number generator (PRNG) of NIST SP 800-90A...as independent security experts long suspected", citing [a 2007 Wired article by (eminent) cryptographer Bruce Schneier](https://www.wired.com/2007/11/securitymatters-1115/). Put plainly, cryptographers were (publicly!) suspicious of NIST crypto recommendations before Bitcoin was released (2009). Thus the suggestion that *not* using NIST ECC curves implies some kind of NSA insider knowledge is silly.
I think you may be right, but I still disagree with his conclusion; it seems an entirely unnecessary assumption that we should dismiss (per Occam's Razor). Do we really believe that the only way someone *wouldn't* choose an ECC curve from the US government's handpicked list is because that person worked for the intelligence agency? Would a dissident use NIST's curves? Would (say) a Russian engineer? There are many plausible explanations that fit the facts, so there's really no basis to make the assumption he does. It's probably not so obvious now, but if you were in software in the 90s, it was a *weird* time. [It was illegal to export "strong cryptography"](https://en.wikipedia.org/wiki/Export_of_cryptography_from_the_United_States) in the US—what we'd now consider totally normal crypto your browser would use to talk to your bank's website was *illegal math*. Which meant normal browsers and other programs had to / were supposed to jump through weird hoops to weaken encryption if they were available on the internet. The government was trying to [backdoor all voice and data transmissions through a special chip](https://en.wikipedia.org/wiki/Clipper_chip). There was a growing awareness that the Internet would be super important, but also that there was essentially *no* privacy. All of that got even worse after 9/11. My point in mentioning all of that is that the cypherpunks came up in that era, when trust in the US government with respect to all things digital was at an all-time low, and the roots of Bitcoin trace back to that world. In a certain way, I'd be shocked if Satoshi *did* pick an off-the-shelf NIST ECC curve.
This is not worth taking seriously. Presumably he's referring to the [secp256k1 elliptic curve](https://en.bitcoin.it/wiki/Secp256k1) Bitcoin uses with ECDSA, which *was* an unusual choice at the time. The choice of what curve parameters to use for encryption / signing is a question of *math*, which is to say that a "backdoor" in this sense really just means that someone else (*e.g.* the government) knows a way to make a certain math problem easy that others presume is always hard. A good cryptographer might come to an independent conclusion that a particular form of encryption is not safe, or even just *suspect* it and steer clear. There has been skepticism about government (*e.g.* NIST) suggested encryption algorithms / parameters long before Bitcoin existed—presumably from the *beginning* of published standards. And the cypherpunks (out of which Bitcoin grew) were exactly the type of folks to be skeptical. If Bitcoin was created by a three-letter agency, it would presumably use one of the backdoored algorithms so that the agency could gain advantage. The fact that it *doesn't* lends credence to the idea that it was *not* created by them. If he's just saying that the creator might have worked at one of those agencies at some point and knew which algorithms had vulnerabilities, fine—but what does it matter? There are numerous (perhaps infinite? I'm not intimately familiar with ECDSA) [choices of curves to use for ECC](https://safecurves.cr.yp.to/index.html). If you were aiming to build a secure, global, digital cash system, outside the reach of fiat, and you had the cryptographic proficiency, would you choose your (pivotal) encryption parameters from an opaque menu presented to you by a government, or would you come to an independent conclusion? Even if *you* trusted said government, would future users trust the system, knowing that that government might have a backdoor to that entire financial system? 
Moreover, "unlike the popular NIST curves, secp256k1's constants were selected in a predictable way, which significantly reduces the possibility that the curve's creator inserted any sort of backdoor into the curve" ([https://en.bitcoin.it/wiki/Secp256k1](https://en.bitcoin.it/wiki/Secp256k1)). This is a *great* quality to have if you're trying to inspire trust in your choice, and some kind of choice needed to be made. It seems like Satoshi made the best, most logical choice available to him / her / them.
> My thinking was to use the Ian Coleman "IC" site for its strengths and choose a different language as any hacker getting it from the USA would likely try English

Why is English a problem? Are you thinking of dictionary attacks? I don't believe that applies here. Dictionary attacks work with *passwords* because people are not very random with their choice of passwords and like to make short ones based on a word or two. Key word: "choice". Passwords people choose tend to be low-entropy, because people are bad at randomness. However, here you are letting an RNG generate 128–256 bits of entropy. The mnemonic is nothing but an encoding of that entropy. It doesn't make it any easier to guess. But it *does* make it easier for you to handle as a human. That is, *if* you use the mnemonic, as opposed to just copying master keys or whatever.

> derivation 84 (I was just saying 32 earlier because it was the standard and messing with it is a good way to make your coins unrecoverable) through experimenting I realized only 84 will produce bc1 addresses, which I think is best going into the future.

BIP 84 is the standard that specifies the derivation path for P2WPKH (pay-to-witness-public-key-hash) wallets, P2WPKH being the script type that has "bc1q" addresses associated with it. So it makes sense you get those only if you choose BIP 84. Other choices there, other than BIP 32, correspond to other script types. One that is missing on that page is BIP 86, which is for P2TR (pay-to-Taproot) scripts, which have "bc1p" addresses. But then, Electrum doesn't yet support P2TR wallets.

> 1. ...
> 2. ...
> 3. ...

I'm not sure I understand what this is about. Were these different things you tried? Did you create multiple wallets using these different steps? Or something else?

> if I could get the QR to work that would be great, but getting the laptop camera to snap a picture in a mirror didn't work.

QR codes generally cannot be scanned in mirror image, as they are not designed to make such a distinction apparent to a scanner. A mirrored QR code looks superficially like a non-mirrored one turned a different way, but things are in the wrong places. If you really need to have a device scan a QR code from its own screen, you need to use an even number of mirrors, so the image goes back non-mirrored. However...

> However next to the camera button there was the choice to "Read from file". I snapped a screenshot (.png) and went to the .png file and entered it. It took a few seconds but it seemed to load/accept it

Yes, this is a lot easier. But is even that really necessary? Does Tails prevent you doing a simple copy-and-paste of the field, instead of going through all that rigmarole? I'm not familiar with use of Tails, so I don't actually know. But surely there is an easier way than what you're trying to do.

> enter 12 more custom words (this is another reason I'm using IC, I get a good set of 12 more words

This is your passphrase, then. That's what the "extend with custom words" option in Electrum is referring to.

> then the PassPhrase

There is no "then" at this point. You have already entered your second 12-word phrase as the passphrase. There is no option to add anything more. If you want to enter 24 words in Electrum (which is of dubious benefit, as Bitcoin keys, being ECC, only have ~128 bits of security, the same as the entropy you get through a 12-word mnemonic), then just generate a 24-word mnemonic, which Electrum will accept as a BIP 39 mnemonic. It's only Electrum mnemonics that must be 12 words.

> HERE IS the main reason I'm trying to use the IC - as long as it doesn't make my wallet unrecoverable - it generates a 100-digit passphrase, the longest allowable, in my brain

I hope you have a savant-level memory, because there is no way *I* would be able to remember something like that. And there is no way I can recommend it to anyone, including you.
Word of advice: unless you have superb discipline, don't try to get fancy with your security measures. A lot more people lose their bitcoin by losing or forgetting all the details of what they did than by actually having it stolen.
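The two replies above (the earlier one about a mnemonic being "an encoding" of 128–256 bits of entropy plus checksum bits, and this one about the passphrase and 12 vs 24 words) describe the BIP 39 construction; here it is in working Python as an added example. This is not code from any poster, from Ian Coleman's tool or from Electrum. It implements the BIP 39 rule (checksum = the leading ENT/32 bits of SHA-256(entropy), concatenated and cut into 11-bit word indices) and the PBKDF2 seed step that mixes in the optional passphrase. The 2048-entry wordlist is a constructed stand-in, because the real English list is not on this page; in the real list index 0 is "abandon" and index 3 is "about".

```python
import hashlib
import unicodedata

# Constructed stand-in for the 2048-word BIP 39 English list (assumption: only
# the indices matter for the arithmetic; real wallets map them to real words).
WORDLIST = [f"w{i:04d}" for i in range(2048)]


def entropy_to_indices(entropy: bytes):
    """BIP 39 encode: ENT bits of entropy + ENT/32 checksum bits -> 11-bit word indices."""
    ent = len(entropy) * 8
    if ent not in (128, 160, 192, 224, 256):
        raise ValueError("entropy must be 128..256 bits in 32-bit steps")
    cs = ent // 32                                   # 4 bits for 12 words, 8 for 24
    first_byte = hashlib.sha256(entropy).digest()[0]
    checksum = first_byte >> (8 - cs)                # leading cs bits of the hash
    bits = (int.from_bytes(entropy, "big") << cs) | checksum
    total = ent + cs                                 # always a multiple of 11
    return [(bits >> (total - 11 * (i + 1))) & 0x7FF for i in range(total // 11)]


def indices_to_entropy(indices):
    """BIP 39 decode: rebuild the entropy and verify the checksum (None if it fails)."""
    total = len(indices) * 11
    ent = total * 32 // 33                           # total = ENT + ENT/32
    cs = total - ent
    bits = 0
    for idx in indices:
        bits = (bits << 11) | idx
    entropy = (bits >> cs).to_bytes(ent // 8, "big")
    expected = hashlib.sha256(entropy).digest()[0] >> (8 - cs)
    return entropy if (bits & ((1 << cs) - 1)) == expected else None


def mnemonic_from_entropy(entropy: bytes, wordlist=WORDLIST) -> str:
    return " ".join(wordlist[i] for i in entropy_to_indices(entropy))


def seed_from_mnemonic(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP 39 seed: PBKDF2-HMAC-SHA512, 2048 rounds, salt = "mnemonic" + passphrase.
    The passphrase is the "extend with custom words" field; a different passphrase
    gives an unrelated 64-byte seed, i.e. a completely different wallet."""
    words = unicodedata.normalize("NFKD", mnemonic).encode()
    salt = ("mnemonic" + unicodedata.normalize("NFKD", passphrase)).encode()
    return hashlib.pbkdf2_hmac("sha512", words, salt, 2048)


if __name__ == "__main__":
    # Constructed sample entropy (do NOT derive real wallets from a fixed value).
    sample = bytes(range(16))
    print(mnemonic_from_entropy(sample))
    print(seed_from_mnemonic(mnemonic_from_entropy(sample), "").hex())
```

Two things the code makes visible: a 12-word mnemonic carries only 4 checksum bits, so a mistyped word is rejected only 15 times out of 16 and the checksum is an integrity aid, not a secret; and the passphrase is folded into the PBKDF2 salt, so losing it is exactly as fatal as losing the words.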
Yes the reason is important. It’s important to stay in the loop, and try to be ahead of the news instead of behind it. I know that the amount of seed phrases is more than the atoms in the universe or whatever. But thanks for pointing out ECC, I’ll research it. It would be nice if our personal bank account was something more personal tho… like a feeling only you could have, lol. Thoughts about the future can get pretty wild. But I’ll take one of my atoms for now 😚
Depends on the reason it went down. If it was just selling pressure then I’d buy as much as disposable income I could. If it was something way worse like someone figured out how to crack seed phrases… that’s when you’d want to be out. The good thing is that seed phrase cracking won’t be an issue unless some major technological breakthrough happens. Highly unlikely due to the nature of ECC.
Are you sure about not using SHA-256 for keys? On Kraken's website they say: "Bitcoin uses elliptic curve cryptography (ECC) and the Secure Hash Algorithm 256 (SHA-256) to generate public keys from their respective private keys".
That's an old video, but Shor's algorithm could break RSA-256 bit encryption with a quantum computer with about 4098 logical qubits and ECC-256 with around 2330 logical qubits. It's inevitable in the next few years.
Not SHA-256. That's the mining puzzle algorithm. Public/private keys are based on ECC.
> We have. Bitcoin will move away from elliptic curve crypto

Why? There is no reason to do that. While there are sound reasons to expect space mining of gold could become a reality in the next 15 - 75 years, using already existing technology and methods, there isn't any basis to expect ECC to become broken in the same time frame.
Also, there's no cryptography in the Bitcoin blockchain. "The Bitcoin network and database itself does not use any encryption. As an open, distributed database, the blockchain has no need to encrypt data. All data passed between Bitcoin nodes is unencrypted in order to allow total strangers to interact over the Bitcoin network." Also, "ECDSA, which stands for Elliptic Curve Digital Signature Algorithm, uses the same mathematical primitives as ECC (elliptic curve cryptography) and, as such, also uses an asymmetric key pair of public and private keys. This is synonymous with other cryptography algorithms which use a public key to encrypt messages and a private key to decrypt them. However, these keys are not used to encrypt or decrypt anything." So, no cryptography, no anonymity, and no encryption. And being *pseudonymous* isn't worth much if you bought your BTC from a KYC exchange. Seems to me the title of the Wired article is just clickbait.
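To make the division of labour in the replies above concrete (secp256k1 elliptic-curve keys and ECDSA for signing, SHA-256 only as a hash, nothing encrypted or decrypted), here is an added, self-contained Python example. It is not Bitcoin Core's or any poster's code, and it simplifies on purpose: textbook double-and-add point arithmetic that is not constant-time (a real implementation such as libsecp256k1 is), a single SHA-256 over the message where Bitcoin hashes transaction data with double SHA-256, and a nonce derived by HMAC-SHA256 from the key and hash as a stand-in for RFC 6979. The curve constants are the published secp256k1 domain parameters.

```python
import hashlib
import hmac

# secp256k1 domain parameters: y^2 = x^3 + 7 over F_p, prime order N, generator G.
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
A, B = 0, 7
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def on_curve(pt) -> bool:
    if pt is None:                       # point at infinity
        return True
    x, y = pt
    return (y * y - (x * x * x + A * x + B)) % P == 0


def add(p1, p2):
    """Affine point addition / doubling on secp256k1."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return None                  # Q + (-Q) = infinity
        lam = (3 * x1 * x1 + A) * pow((2 * y1) % P, -1, P) % P   # tangent slope
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P          # chord slope
    x3 = (lam * lam - x1 - x2) % P
    y3 = (lam * (x1 - x3) - y1) % P
    return (x3, y3)


def mul(k: int, pt):
    """Scalar multiplication by double-and-add. Branches on key bits, so it is
    NOT constant-time; fine for illustration, not for handling real keys."""
    result, addend = None, pt
    while k:
        if k & 1:
            result = add(result, addend)
        addend = add(addend, addend)
        k >>= 1
    return result


def pubkey(priv: int):
    """Public key = priv * G. This is the ECC step; no hash is involved."""
    if not 1 <= priv < N:
        raise ValueError("private key out of range")
    return mul(priv, G)


def compress(pt) -> bytes:
    """33-byte SEC compressed encoding: 02/03 prefix (parity of y) + x."""
    x, y = pt
    return bytes([2 + (y & 1)]) + x.to_bytes(32, "big")


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def sign(priv: int, msg: bytes):
    """ECDSA: SHA-256 is used only to reduce the message to a 256-bit integer z."""
    h = sha256(msg)
    z = int.from_bytes(h, "big")
    # Simplified deterministic nonce (assumption: stand-in for RFC 6979).
    k = int.from_bytes(hmac.new(priv.to_bytes(32, "big"), h, "sha256").digest(), "big") % N
    if k == 0:
        raise ValueError("degenerate nonce")
    r = mul(k, G)[0] % N
    s = pow(k, -1, N) * (z + r * priv) % N
    if s > N // 2:                       # low-s form, as Bitcoin's standardness rules require
        s = N - s
    return (r, s)


def verify(pub, msg: bytes, sig) -> bool:
    r, s = sig
    if not (1 <= r < N and 1 <= s < N) or not on_curve(pub) or pub is None:
        return False
    z = int.from_bytes(sha256(msg), "big")
    w = pow(s, -1, N)
    pt = add(mul(z * w % N, G), mul(r * w % N, pub))
    return pt is not None and pt[0] % N == r


if __name__ == "__main__":
    d = 12345                            # constructed private key for the demo only
    Q = pubkey(d)
    sig = sign(d, b"constructed message")
    print(compress(Q).hex(), verify(Q, b"constructed message", sig))
```

Note what never happens here: no key is used to encrypt anything, and the only place SHA-256 appears is as the message digest inside signing and verification (Bitcoin also hashes public keys with SHA-256 and RIPEMD-160 to form addresses, which is again hashing, not encryption).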
Pretty sure my barista had a computer science degree this morning. It doesn't change the fact that you're wrong. You clearly don't even know what you are talking about, since you repeated my error in mentioning SHA-256 instead of ECC. But please continue to parrot and misrepresent memes that were proven to be misleading over a decade ago.
Mathematical shortcut being discovered for ECC.