Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Encryption Bitcoin The Almighty Buck

Why Quantum Computers Won't End Up Cracking Bitcoin Wallets (cnbc.com) 91

"Within a decade, quantum computers could be powerful enough to break the cryptographic security that protects cell phones, bank accounts, email addresses and — yes — bitcoin wallets," writes CNBC.

But fortunately, that would happen only if we do nothing in the meantime, they're told by Thorsten Groetker, former Utimaco CTO "and one of the top experts in the field of quantum computing." Crypto experts told CNBC they aren't all that worried about quantum hacking of bitcoin wallets for a couple of different reasons. Castle Island Ventures founding partner Nic Carter pointed out that quantum breaks would be gradual rather than sudden. "We would have plenty of forewarning if quantum computing was reaching the stage of maturity and sophistication at which it started to threaten our core cryptographic primitives," he said. "It wouldn't be something that happens overnight."

There is also the fact that the community knows that it is coming, and researchers are already in the process of building quantum-safe cryptography. "The National Institute of Science and Technology (NIST) has been working on a new standard for encryption for the future that's quantum-proof," said Fred Thiel, CEO of cryptocurrency mining specialist Marathon Digital Holdings. NIST is running that selection process now, picking the best candidates and standardizing them.

"It's a technical problem, and there's a technical solution for it," said Groetker. "There are new and secure algorithms for digital signatures. ... You will have years of time to migrate your funds from one account to another." Groetker said he expects the first standard quantum-safe crypto algorithm by 2024, which is still, as he put it, well before we'd see a quantum computer capable of breaking bitcoin's cryptography. Once a newly standardized post-quantum secure cryptography is built, Groetker said, the process of mass migration will begin. "Everyone who owns bitcoin or ethereum will transfer [their] funds from the digital identity that is secured with the old type of key, to a new wallet, or new account, that's secured with a new type of key, which is going to be secure," he said.

There will still be the problem of users who forget their password or died without sharing their key.

But in those scenarios, CNBC suggests, "an organization could lock down all accounts still using the old type of cryptography and give owners some way to access it."
This discussion has been archived. No new comments can be posted.

Why Quantum Computers Won't End Up Cracking Bitcoin Wallets

Comments Filter:
  • > But in those scenarios, CNBC suggests, "an organization could lock down all accounts still using the old type of cryptography and give owners some way to access it."

    So bitcoin is not going to be decentralized if there's a single company who has custody of your wallet and you have to prove your identity to them (how?) in order to get access to your coins.

    Sure.

    • Re: (Score:1, Redundant)

      by Noobsa44 ( 1101755 )

      I think you miss the "real" purpose for bitcoin. I admit this is only my own interpretation of a real purpose, but if you look at books like "American Nations: A History of the Eleven Rival Regional Cultures of North America" you will discover that second sons of our ancestor's economic system have a need to generate wealth and cannot do so in their existing system. To detail this out a bit, many of our founding fathers were from wealthy families that directly or indirectly came from the 2nd+ sons in the fa

      • second sons of our ancestor's economic system have a need to generate wealth and cannot do so in their existing system.

        Too many rags to riches stories for that to be true.

        • Except for specific times and places, those are outliers.
          • by jythie ( 914043 )
            Yeah.. pretty much every nation, economic system, and time period had examples of 'dirt farming peasant grows up to be grand lord of something' , but that does not mean there is economic mobility for 'the population'.
  • Imagine that QC required on the order of magnitude to crack encryption would work, the we probably could use these to:

    Cure cancer on an person by person basis in the early stages by individually developed antibodies/vaccinations.

    Other individualized medicine

    Develop materials - how much would a Room temperature room pressure superconductor be worth?

    • You realise that making bespoke drugs involves more than just some maths calculations on a computer, right? You actually have to synthesize the drugs somehow. It's all very well calculating the precise molecule that could cure someone's cancer, but without a way to produce that molecule, that's mostly useless.

      • by cusco ( 717999 )

        Labs are building molecules now atom by atom on an experimental basis, but the time QC is ready for prime time it's likely that the molecular assemblers will be as well.

    • by cusco ( 717999 )

      Those would be reasonable searches, but we all know that the first applications will be to crack Satoshi Nakamoto's wallet.

  • by vadim_t ( 324782 ) on Monday June 14, 2021 @04:11AM (#61485132) Homepage

    If it happened, even with a warning, it'd still be chaos.

    There are lost or unused wallets with enormous balances, like Satoshi's 1.1 million BTC. Just the possibility of somebody being able to get control of that much BTC would cause a panic.

    And of course anybody with the resources to crack a wallet would try going for the big hoards first, so after Satoshi I'd expect the next targets to be very long term users, exchanges and other large businesses dealing with BTC.

    • by fph il quozientatore ( 971015 ) on Monday June 14, 2021 @09:54AM (#61485992)
      Where "chaos" means "Bitcoin crashes, people who invested heavily in dangerously volatile cryptocurrency lose their money, everything else goes on normally"?
    • by cfalcon ( 779563 )

      > There are lost or unused wallets with enormous balances, like Satoshi's 1.1 million BTC. Just the possibility of somebody being able to get control of that much BTC would cause a panic.

      Bitcoin miners would do whatever they could to make this the patented "Good For Bitcoin". Here's I'll give you a hypothetical future.

      Step 1: "Oh noes we suspect $ORGANIZATION_OR_COUNTRY will soon be able to write arbitrary transactions given an input public key, and we suspect that they have every public key that ever

  • by Rosco P. Coltrane ( 209368 ) on Monday June 14, 2021 @04:27AM (#61485150)

    But that doesn't mean it's reassuring.

    The problem is, the NSA and other 3-letter-acronym sumbitches with enough free taxpayer's money to stay well ahead of the curve will do it secretly for years before the man on the street starts hearing that the conventional crypto they rely on might not be up to scratch anymore. They already do now...

    • by hey! ( 33014 )

      In other words, while it certainly won't *happen* overnight, we might very well *find out about it* overnight.

      • If you're so ignorant of science news that you think that the NSA is doing some sort of basic research and prototyping cutting edge machines that requires hiring top, high profile academic physicists, then yeah, you'll probably hear about it "overnight" regardless of where the discovery comes from.

        This is one of those, "if you're ignorant not to be sure, then the reality will be the same as if it was true" situations.

  • And cryptographic key sizes can be increased very cheaply , far cheaper than the quantum bits required to crack them. SHA 256 vulnerable? So use SHA65535 or similar. Once a quantum computer has run out of q-bits to use it has to run sequencially like a normal computer - AFAIA, correct me if I'm wrong - so if it has to crack a key size of 65535 bits it won't be much help if it tops out if its q-bits top out at 256 bits. As soon as a machine is powerful enough to crack larger keys simply make the keys larger.

    • All bitcoin mining is based on SHA256. If you're changing to SHA65535 you have to do a protocol upgrade and get all the miners to agree - all of the miners need to agree to throw away the expensive ASICs they've invested in and replace them with new ones.

      How likely is it that miners are going to do this without proof that SHA256 is cracked? What if the proof of SHA256 being cracked is an attack on bitcoin - definitely a high profile target for a grey or black hat whole had access / control of the quantum co

    • by Entrope ( 68843 )

      SHA256 is not significantly vulnerable to quantum computers. Plain SHA256 also does not involve any keys.

      • by Viol8 ( 599362 )

        How do you think block ciphers work?

        • by Entrope ( 68843 )

          How do you think quantum computers work? (Pro tip: Read the subject text.)

          We were not discussing block ciphers, but message authentication codes. And anyway, traditional (symmetric-key) block ciphers using 256-bit keys are typically not any more susceptible to quantum attacks than SHA256 is.

          • by Viol8 ( 599362 )

            SHA-265 uses block ciphers which require a key. That was my point.

            • by Entrope ( 68843 )

              SHA-256 does not require a key. The Davies-Meyer construction you are talking about uses the blocks of a message to be hashed as the key (of a block cipher used within SHA-256). None of that means quantum computers help any more than I said in the first place.

              • "to be hashed as the key "

                Yes, yes it does. More importantly

                "We would have plenty of forewarning if quantum computing was reaching the stage of maturity and sophistication at which it started to threaten our core cryptographic primitives"

                So apparently Thorsten Groetke thinks this can happen.
                • by Entrope ( 68843 )

                  Your "yes it does" is missing any kind of point.

                  As someone else pointed out, Thorsten Groetker is not well-known in the crypto world. I don't know what he thinks "plenty of warning" means, or how much warning he thinks is necessary. His bare assertion about that is not convincing.

                  Adopting a new signature scheme for Bitcoin transactions requires a hard fork, after picking a new scheme and implementing it. That kind of transition has taken a long time in the past -- notably for MD5 to SHA-1 and now to SHA-2

                  • I don't know what he thinks "plenty of warning" means

                    It means, for example, they'll be building machines that have n cubits years before they'll be building machines with 2n cubits, and they'll be cracking m bit algorithms years before 2m bit algorithms.

                    is not well-known in the crypto world

                    Luckily, we've known for thousands of years that argument from authority is a fallacy.

        • by Junta ( 36770 )

          SHA256 isn't a block cipher. It's a hash algorithm. The parent post is correct that Quantum doesn't help SHA256.

          Block ciphers are weakened, but not badly. It effectively halves the keylength. 128 bit is considered *plenty* and 256 bit keys are commonly used.

          Asymmetric algorithms are where the trouble is. Bitcoin uses ECDSA, so that would be the problem that needs addressing.

          • by Viol8 ( 599362 )

            "SHA256 isn't a block cipher. It's a hash algorithm"

            *sigh*

            https://en.wikipedia.org/wiki/... [wikipedia.org]

            "They are built using the Merkleâ"DamgÃ¥rd construction, from a one-way compression function itself built using the Daviesâ"Meyer structure from a specialized block cipher"

            • I'd be happy if QC could just crack Slashdot's mojibake.

              (I got a lameness filter error just for cutting/pasting Slashdot's own garble. How lame is that?)

            • by Junta ( 36770 )

              So to the extent that 'block cipher' applies in theory to SHA-256, I can't speak to.

              In practice, SHA-256 does not involve a key. Anyone in the world can freely calculate the SHA-256 of any known piece of data without a key. It is used as a hash to verify well-known data (where it is normally signed, e.g. in Bitcoin using ECDSA) or in an HMAC where parties have a shared secret (most often an ephemeral session shared secret, because HMAC with shared secret is faster than an asymettric approach, though AES-GC

  • If he really is dead or the coins are inaccessible in general for now, the incentive to crack those specific legacy accounts will be huge.
    Eventually they will succeed and flood the market with a massive amount of coins.
    It might be years before the price recovers then, with whatever other permanent damage it does to its (already bad) reputation as a volatile asset.
    I know it's not technically cracking bitcoin but still..

  • by waynemcdougall ( 631415 ) <slashdot@codeworks.gen.nz> on Monday June 14, 2021 @05:03AM (#61485190) Homepage

    Hi, my name is Satoshi Nakamoto. I seem to have lost the key to my old, insecure wallet. Please assist me in transferring my Bitcoins to a new secure wallet.

  • This is cringe... (Score:4, Informative)

    by Anonymous Coward on Monday June 14, 2021 @05:31AM (#61485224)

    I work in the area of quantum security (meaning, intersection of quantum computing and cryptography, PhD) and the story I've just read made me cringe.

    First of all, I beg you please, please to not start the usual discussion "QC will never be real". I am tired of arguing with you. Let's just set this aside for a moment, OK?

    Reasons to cringe:

    1. "Thorsten Groetker, [...] one of the top experts in the field of quantum computing" never heard of this guy before. I have only found one with a similar name on DBLP and has no publications related to quantum physics whatsoever.
    2. "We would have plenty of forewarning if quantum computing was reaching the stage of maturity" ahahahah. No.
    3. "It wouldn't be something that happens overnight." OK, let me explain why this a dangerous and probably wrong assumption, because it's actually not something many people know. The reason is Quantum Error-Correcting Codes. The TL;DR is that progress on expanding the power of quantum computing has so far been limited to small steps at a time, but there is a theoretical threshold that, if reached (and we're getting closer and closer), would allow to scale up the quantum memory very fast. We would see huge progress in the timespan of months if not weeks.
    4. "There are new and secure algorithms for digital signatures" yeah, good luck with that. I'm not saying that's not true, but the process of migrating wallets and certificates to quantum-resistant crypto will be a painfully slow one, as any new standard adoption in security. Furthermore, even the most promising NIST quantum-resistant schemes have overhead (signature/key size, speed etc) that are currently not competitive with traditional crypto used in Bitcoin. There is ongoing work to design quantum-resistant blockchains and related application, it's certainly feasible, but it's not as straightforward as the guy puts it.

    The real reason why (most) of Bitcoin transactions are not (much) threatened by quantum computers is that in modern Bitcoin addresses the public key connected to the wallet is not actually exposed (so, not really public), only the hash of it, which limits a lot the capabilities of an attacker. However, there are still many old wallets out there with the old address format, which does expose the public key. Those funds are at at risk until they are moved to a new format address.

  • a methodical and/or dictionary style of attack at cracking it
    vs..
    a randomized quantum attack at cracking it

    its just two different methods of not producing results
  • by thegarbz ( 1787294 ) on Monday June 14, 2021 @06:27AM (#61485328)

    is jump onboard this "bitcoin is broken and insecure" bandwagon and help bring about an end to this human display of mental retardation. Bonus point: we'd be doing something positive for climate change as well.

  • by bradley13 ( 1118935 ) on Monday June 14, 2021 @06:44AM (#61485354) Homepage
    ...fusion energy is only 10 years away.

    Seriously, so far the results of quantum computing are exactly nowhere. Few qubits, poor repeatability, and the only problems "solved" better than digital computers are contrived.

  • by Anonymous Coward
    They say it wouldn't happen overnight, but what if it happened and they didn't realise - that's the real risk. Happened to Germany!
  • by FST ( 766202 ) on Monday June 14, 2021 @07:07AM (#61485398) Journal

    Thorsten Groetker, former Utimaco CTO "and one of the top experts in the field of quantum computing."

    This dude has one scientific publication since 1998 -- at a mediocre venue -- and less than 10 total. He probably couldn't get a PhD with that track record, let alone the title of "top expert".

    • by jmccue ( 834797 )

      This dude has one scientific publication since 1998 -- at a mediocre venue -- and less than 10 total

      That is on the normal WEB, he has hundreds of papers published on the Quantum WEB. If I tell you how to access it, the Quantum WEB will disappear

  • by Anonymous Coward

    Bitcoin Enthusiasts: "Nobody can change the algorithm, so nobody, not even the government, can just decide to print money at a faster rate.
    Quantum Computer Enthusiasts: "What if our computer becomes faster than a regular computer?"
    Bitcoin Enthusiasts: "They will just change the algorithm."

  • Unless a big breakthrough takes place in the meantime, given the slow progress in the number of effective qubits added every year in ten years time quantum computers will still be solving highly ad-hoc problems without any practical applications, toy ones, and very little else.
  • by FeelGood314 ( 2516288 ) on Monday June 14, 2021 @08:16AM (#61485620)
    Your wallet is safe even from a quantum computer that could crack your private key from your public key if you only use it once because your public key is not on the block chain until you spend. Your wallet is a 256 bit hash of your public key. A quantum computer can make finding you public key an order 2^128 computations but that is still secure till the end of time. So the attack against your private key can only really begin once you spend money from your wallet. As long as you always spend all the money in your wallet you are safe. This is true for almost all crypto currencies today.
    • Interesting!

      I'm not sure that "your money is secure if every time you buy something you spend all the money you own" is a good system.

      I assume the solution is that you need a separate wallet for every purchase. Seems like this is going to proliferate the number of wallets radically. Is this a problem?

      • A wallet is just a big number. There is no issue with having the unspent portion of one wallet go into a new wallet. It is actually a requirement of some cryptocurrencies (Monero).
  • Yes, the asset has no inherent value and will evaporate in the not too distant future, but prices can only go up!!
    It could only be better if they had called it tulip-coin.
  • by lamer01 ( 1097759 ) on Monday June 14, 2021 @10:22AM (#61486070)
    If the attack is discovered, it will crater the value of bitcoin thus making the attacker lose a significant portion of their gains. The attacker would need to somehow drain funds and convert to FIAT without disrupting the value of BTC.
  • by TJHook3r ( 4699685 ) on Monday June 14, 2021 @11:19AM (#61486262)
    There are already cases where Bitcoin has been linked to users and enabled takedowns of darknet sites. I guess the costs are not justified for every offence but surely bitcoin users do not expect that it is completely anonymous? If nothing else, the taxman would be very interested in hitting those who have made millions in capital gains - or simply stake out Lamborghini showrooms!
  • I recall all the heated conversation around cracking MD5 when everyone kept saying "BUT IT REQUIRES MORE ENERGY THAN THE NUMBER OF ATOMS IN THE UNIVERSE TO CRACK!!!!"

    Then it was cracked. Same for this.

  • As in, are there any that actually do stuff. Maybe massive scientific calculations, maybe database stuff? Anything?
  • What about cracking the hashing of blocks?
    If you could rewrite part of a block in the chain while still making the following block valid, the entire blockchain is comprised and all your Bitcoins are worthless.
    Obviously attacking a crypto currency by this means can't be financially motivated.
    As the technology becomes more adopted by nations, it becomes political.

  • It is logical that the smarter and more advanced computer technologies become, the more complex security systems become. While the current systems cope with all the complexities, I actively use the crypt on this site [nolimitcasino.com] . I also doubt this, because if there are computers that can do this, then the economy will collapse.
  • How much electricity does the would-be crypto-cracking quantum computer use - compared to, say, bitcoin miners?

In the long run, every program becomes rococco, and then rubble. -- Alan Perlis

Working...