Would someone with a far better understanding of Bitcoin than I take a look at this? What will happen if quantum computing can do what is claimed in this article?
Google says quantum computers might break Bitcoin way sooner
Google revealed that breaking the RSA encryption, the same tech that secures crypto wallets, might need 20 times fewer quantum resources than previously estimated. The tech company introduced a new quantum computing chip called Willow in December 2024 and said it could break Bitcoin in at least two days.
The firm argued that Willow could solve in five minutes a problem that would take most supercomputers 10 septillion years to solve. At the time, critics believed Willow’s power could overtake Bitcoin’s hash rate in minutes, rewrite the Bitcoin blockchain, or even steal Satoshi’s coins.
Would this mean the end of Bitcoin? Or is there a path to use quantum safe algorithms in Bitcoin?
“bitcoin” is whatever 51% of the miners say it is.
*IF* there are or will be quantum computers that can break public key systems like RSA, *AND* there is some other public key system that is *not* vulnerable, *THEN* the miners could choose to switch to it…. though there is that “closing the barn door too late” issue.
That’s a lot of ifs. My estimation is that failure of public access to reliable electric power is the more likely threat to bitcoin… but what do I know?
On second thought, there is the issue that all the keys would have to be switched over to new keys before the old ones are broken. That means a completely new blockchain based on all new keys. Might as well call it something else, because each individual key owner would have to adopt a new key, and then move the coins.
In this eventuality, the failure of bitcoin would not even make the news, as this would be the failure of *all* digital banking systems, as well as nearly all other online security systems, including SSL (https etc.).
It would be a mad scramble by everyone to get everything into physically verifiable commodities.
The NIST has already started publishing lists of Quantum-resistant encryption algorithms and the IT industry has started moving to them, plus key length is a real factor. If 2048-bit RSA keys can be broken the world will move to 4096-bit keys.
When you actually read the articles you will see quantum computing’s eventual capabilities are being hyped as badly as Y2K was.
I also wonder:
Coding a 16bit divide routine for a FORTH environment I was coding for an 8051 back in the mid 80’s, I learned a lot: The 8051 8bit multiply instruction was useful within the 16bit FORTH multiply, but the 8051 8bit divide instruction was completely useless to the 16bit FORTH divide routine. Multiply and Divide are *not* reverse functions (Multiply has no analog to division by zero).
So I wonder… Is a 128bit quantum computer useful for factoring 4096bit keys, or do you have to build a 4096+qubit machine for the job?
That’s an awful lot of entanglement right there….
I did not do much 8051 coding. But I did do a little…
My quantum mechanics is old and nowhere near good enough to really understand this stuff, but from what little I understand of Shor’s algorithm (quantum factoring), it doesn’t subdivide: you need a 2N qubit machine to factor an N bit number. And those are error free (or close enough) qubits, which means you need a LOT more physical qubits because of ECC. The Google work suggests “a lot more” can be reduced from a factor of 1500 to a factor of 400 or so with enough cleverness, but for real world cryptanalysis that still means a seriously big machine. Whether machines that size are feasible, and if so when, is the question.
Re increasing the key size: that isn’t as much help as you might think. Against classic computer factoring it helps a lot because factoring gets harder very quickly as the key size increases. But I think the speed of Shor’s algorithm is far less dependent on key size, so the answer is not a bigger RSA but an entirely different type of algorithm that isn’t vulnerable to that attack or to other known quantum computer algorithms.
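The scaling argument in the comment above, worked through as an added example (not the commenter's own code): classical factoring effort is modelled with the standard GNFS heuristic L_n[1/3, (64/9)^(1/3)], Shor's algorithm with a cubic gate-count model in the key size, logical qubits as the 2N figure the commenter cites, and physical-qubit overhead with the 1500 and 400 factors mentioned in the thread. All four models are simplifying assumptions, chosen to show why doubling the RSA modulus buys roughly 2^40 against classical factoring but only about 8x against Shor.

```python
import math

# GNFS heuristic: cost ~ exp(c * (ln n)^(1/3) * (ln ln n)^(2/3)) with c = (64/9)^(1/3).
# Assumption: constant factors ignored; result returned as log2 of the effort.
GNFS_C = (64.0 / 9.0) ** (1.0 / 3.0)

def classical_factoring_bits(key_bits: int) -> float:
    """log2 of the GNFS effort for an RSA modulus of key_bits bits (heuristic)."""
    ln_n = key_bits * math.log(2)          # ln(n) for an n of about 2^key_bits
    ln_ln_n = math.log(ln_n)
    return GNFS_C * ln_n ** (1.0 / 3.0) * ln_ln_n ** (2.0 / 3.0) / math.log(2)

def shor_cost_units(key_bits: int) -> float:
    """Assumed polynomial model for Shor: gate count proportional to key_bits^3."""
    return float(key_bits) ** 3

def logical_qubits(key_bits: int) -> int:
    """Logical (error-free) qubits, using the 2N figure quoted in the thread."""
    return 2 * key_bits

def physical_qubits(key_bits: int, overhead: int) -> int:
    """Physical qubits once an error-correction overhead factor is applied."""
    return logical_qubits(key_bits) * overhead

def doubling_penalty(key_bits: int) -> dict:
    """How much harder does each attacker's job get when the key size doubles?"""
    classical_extra_bits = classical_factoring_bits(2 * key_bits) - classical_factoring_bits(key_bits)
    return {
        "classical_factor": 2.0 ** classical_extra_bits,        # ~2^40 for 2048 -> 4096
        "shor_factor": shor_cost_units(2 * key_bits) / shor_cost_units(key_bits),  # 8.0
        "logical_qubits_before": logical_qubits(key_bits),
        "logical_qubits_after": logical_qubits(2 * key_bits),
    }

if __name__ == "__main__":
    for bits in (2048, 4096):
        print(f"RSA-{bits}: ~2^{classical_factoring_bits(bits):.0f} classical, "
              f"{logical_qubits(bits)} logical qubits, "
              f"{physical_qubits(bits, 1500)} physical at 1500x, "
              f"{physical_qubits(bits, 400)} physical at 400x")
    print(doubling_penalty(2048))
```

The output makes the commenter's point concrete: the classical attacker faces an exponential wall from the doubling, while the quantum attacker's cost grows polynomially and is dominated by whether a machine of that qubit count can be built at all.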
I agree with the previous commenter. The fall of bitcoin would be a minor drop in the bucket compared to the wide ranging damage caused by the loss of encryption on the rest of the economy. It’s important to remember that all money is merely an exchange marker with no intrinsic value. The Steam gaming market is 10 billion in its own right, made 100% of digital assets.
The article is full of caveats, handwaves, and “theoretically” disclaimers.
One point is that Bitcoin doesn’t use RSA, it uses elliptic curve public key encryption. The article implies that this is also vulnerable to Shor’s algorithm but doesn’t come right out to say so, curiously enough.
The key problem to be solved is error correction. Shor’s algorithm if I remember right needs two qubits per data bit of the value to be factored, but those are error free qubits. Real world qubits need error correction, and unlike conventional computer RAM ECC codes the quantum ECC codes need amazing numbers of qubits. The article talks about better schemes that might need fewer physical qubits, and it seems there are time tradeoffs there — computing for a long time eventually probably gets you an answer.
And with all that, as the article also points out, there are “post quantum cryptography” ciphers in the pipeline, with work to deploy them in the real world well underway. That addresses the bigger issue Rolf comments on (and I agree that the impact on HTTPS is far more important than Bitcoin).
Grafting PQC onto Bitcoin would be an incompatible change but not a problem as far as I can see. And as for the blockchain, switching to PQC doesn’t require rewriting old entries (which would in fact not be possible, that’s the whole point). Instead, one would extend the blockchain with new entries signed by PQC, and the resulting system would rely on the consensus that the point of switchover is the new trust root of the blockchain. Earlier entries would still be around for historic information but in a quantum computing world would no longer be authoritative — but they wouldn’t need to be.
Yes, as per the original question (bitcoin), this answer is better than mine.
We really don’t know yet just what Quantum computers will do to security issues. At the very least they will force companies and others to take a hard look at their security measures if they wish to remain relevant. Quantum computing will probably be like other technologies…advances and counter advances. Good and bad uses.