Defending against the quantum attack in stake minting

calian · June 12, 2013, 6:12am

Forgive my incomplete understanding of cryptography but I want to discuss this issue as I feel it’s timely. Normal unspent bitcoin addresses are protected by three layers of security. After they have signed a transaction to spend coins on the network they are only protected by one. A bitcoin address is 1 appended to the following: RIPEMD-160(SHA-256(ECDSA public key)) appended to a checksum.

https://en.bitcoin.it/wiki/Protocol_specification#Addresses

Spending your coins reveals your public key. Quantum computers with a sufficient number of qubits are believed to be able to trivially find private keys from the public keys via Shor’s algorithm. In bitcoin the solution to this risk is simple and the client does it by default: use a new address every time.

With proof of stake you need to use your public key to sign a stake block, thus revealing it. To maintain the level of security against quantum attack that bitcoin has by default you would need to transfer all your coins to a new address simultaneously. Does PPCoin do this?

This isn’t hypothetical anymore. Google and NASA just purchased a 512 qubit quantum computer. http://singularityhub.com/2013/06/05/google-buys-quantum-computer-for-artificial-intelligence-lab-at-nasa/

whifmoi · June 12, 2013, 12:46pm

Forgiven, this is very interesting.

Yet it seems to be far away, but nevertheless it should be put into account.

Sunny_King · June 13, 2013, 6:56pm

If ECDSA is getting close to be broken by a quantum computer, presumably bitcoin should have upgraded the public key cryptography it uses. Thanks for the link, I was not aware that quantum computer is advancing this fast.

d5000 · June 13, 2013, 10:36pm

This D-WAVE machines are not full-fledged quantum computers. They cannot be used for cryptography. It’s not even clear if they are faster than regular digital computers.

craslovell · June 14, 2013, 2:36am

Interesting information for sure, but hopefully this is an issue that we will not have to tackle for several years yet.

patapato · August 23, 2013, 12:49pm

Some non-orthodox physicists, namely hidden variable theorists, think that quantum computers will not be possible because decoherence could not be avoided enough, because it is intrinsic. That means that it will not be a question of time and technology progress, but a question on fundamentals of physics.

See for example http://arxiv.org/abs/1007.1947:

One should not assume before unambiguous experimental evidence that any two-state quantum system is quantum bit. No experimental evidence of superposition of macroscopically distinct quantum states and of a quantum bit on base of superconductor structure was obtained for the present.

or http://www.fqxi.org/data/essay-contest-files/Paraoanu_impossibility_para.pdf:

it might not be possible, after all, to scale up the few qubits that have been realized so far. If this turns out to be the case, the consequences could be truly amazing: it would mean that quantum mechanics is indeed an incomplete description of reality, as Einstein thought, and it would also imply that certain types of computation - and the knowledge derived from it - are fundamentally inaccessible.