Securing Elliptic Curve Cryptocurrencies Against Quantum Vulnerabilities [pdf](quantumai.google)
39 points by jandrewrogers 7 hours ago | 21 comments

int32_64 (5 hours ago):
Is there any field with as big a gap between theory and experiment as QC? You read papers like this and think they will be harvesting all of Satoshi's coins in a couple of years, and then you remember that nobody has even factored 21 yet on a real quantum computer.

  Retr0id (5 hours ago):
  Fusion power comes to mind.

    nostrademons (5 hours ago):
    It's interesting: solar panels were in this category in the 1980s and self-driving cars were in the 2010s, and both have had the gap between theory and practice significantly narrowed since.

      PowerElectronix (3 hours ago):
      With fusion it's gonna be harder, I think. First you need to pump energy into it to get the fusion itself. This involves energising supermagnets, vacuum pumps, and heating and controlling the plasma. We are not even here yet. And once you get to that point, you need to harness the output energy of a million-degree plasma through something that yields a pretty high efficiency (so that pumping energy into the plasma is not only worthwhile, but makes financial sense) and requires reasonably low maintenance. I see fusion as more practical as a rocket technology (which is just basically impossible) than as an actual energy facility asset.

  xhkkffbf (4 hours ago):
  And it's worse than that. In order to "factor" 15 = 3 x 5, they designed the circuit knowing that the factors were three and five. In other words, they just validated it. And that's something you can do with a regular CPU.

  scorpionfeet (4 hours ago):
  Y2K. Oh wait: thousands of programmers started working on this in the early 90s so that there would be so few failures people thought it was a scam. The entire financial and government infrastructure was based on ECDSA until the shift to PQC. The consequences of not preparing are literal threats to the global economy. That can't be understated. The cost to switch to (hybrid) PQC is essentially zero when compared to the costs of not doing it.

upofadown (2 hours ago):
You can save time by first looking at the required noise performance of these schemes. From the abstract of the paper:

> On superconducting architectures with 10^-3 physical error rates...

So good old 0.1% noise performance again. That seems to have come from the "20 million noisy qubits to break RSA" scheme [1] from back in 2019. That level of noise performance is still wildly out of reach and for all we know might be physically impossible.

[1] https://arxiv.org/abs/1905.09749

  adgjlsfhk1 (2 hours ago):
  > That level of noise performance is still wildly out of reach

  It's only ~1 order of magnitude away from current capability. Current-gen QCs are around a 1% gate error rate, and a decade ago SOTA was a ~10% error rate, so if progress continues it should be achievable relatively soon.

    api (2 hours ago):
    People don't understand the exponential function. Let's say you start adding water to a fish tank drop by drop, and double the number of drops each time. One drop, two, four, eight, and so on. When is the fish tank half full? When it's like 1/16 of the way full, or something like that.

jryio (5 hours ago):
Here's an interesting discussion from Section 8 (Dormant Wallets): if a nation state develops a sufficiently powerful quantum computer, seizure of the Satoshi-era bitcoin wallets without post-quantum protections would fund either rogue actors or nation states.

> Indeed, some governments will have the option of using CRQCs (or paying a bounty to companies) to acquire these assets (possibly to burn them by sending them to the unspendable OP_RETURN address [321]) as a national security matter. As before, blockchain's loss of the ability to reliably identify asset owners combined with the laches doctrine [319] enables governments to argue that the original owners, through years of inaction, have failed to assert their property rights

  PowerElectronix (5 hours ago):
  As soon as activity is detected and reasonably attributable to SHA256 being broken, bitcoin goes to zero.

    some_furry (4 hours ago):
    What? Quantum computers don't break SHA256, nor would this attack be "reasonably attributable" to a SHA256 break. In fact, if you have funds in a wallet that has never spent a transaction before (only received), it's still reasonably difficult for a CRQC to steal your funds. The trick is, the moment you've ever spent a transaction, your public key is known (and therefore breakable). (Yes, I'm aware of the literature on quantum search vs hash functions, but it's not a complete break like RSA or ECC.)
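A worked illustration of some_furry's point about when a public key becomes visible on-chain, added here as an example and not part of the thread or the paper: it classifies standard Bitcoin output scripts by whether the output itself carries an EC public key (P2PK, and taproot's tweaked output key) or only a hash commitment to one (P2PKH, P2SH, P2WPKH, P2WSH), and extracts the public key that a P2PKH spend's scriptSig reveals. All script bytes are constructed placeholders, not real keys or hashes.

```python
OP_0, OP_1, OP_DUP, OP_EQUAL, OP_EQUALVERIFY, OP_HASH160, OP_CHECKSIG = (
    0x00, 0x51, 0x76, 0x87, 0x88, 0xA9, 0xAC)

def classify_script_pubkey(spk: bytes) -> tuple[str, bool]:
    """Return (script_type, pubkey_visible_before_spend) for a standard output script."""
    n = len(spk)
    # P2PK: <33|65-byte pubkey> OP_CHECKSIG. The raw key sits in the output itself.
    if n in (35, 67) and spk[0] == n - 2 and spk[-1] == OP_CHECKSIG:
        return "p2pk", True
    # P2PKH: OP_DUP OP_HASH160 <20-byte hash160> OP_EQUALVERIFY OP_CHECKSIG
    if (n == 25 and spk[:3] == bytes([OP_DUP, OP_HASH160, 20])
            and spk[23:] == bytes([OP_EQUALVERIFY, OP_CHECKSIG])):
        return "p2pkh", False
    # P2SH: OP_HASH160 <20-byte script hash> OP_EQUAL
    if n == 23 and spk[:2] == bytes([OP_HASH160, 20]) and spk[-1] == OP_EQUAL:
        return "p2sh", False
    # SegWit v0: OP_0 <20-byte hash> (P2WPKH) or OP_0 <32-byte hash> (P2WSH)
    if n in (22, 34) and spk[0] == OP_0 and spk[1] == n - 2:
        return ("p2wpkh" if n == 22 else "p2wsh"), False
    # Taproot: OP_1 <32-byte x-only tweaked pubkey>. A curve point, not a hash.
    if n == 34 and spk[0] == OP_1 and spk[1] == 32:
        return "p2tr", True
    return "unknown", False

def pubkey_from_p2pkh_scriptsig(script_sig: bytes) -> bytes:
    """A P2PKH spend pushes <sig> <pubkey>; return the pubkey the hash160 was hiding."""
    sig_len = script_sig[0]
    rest = script_sig[1 + sig_len:]
    if not rest or rest[0] not in (33, 65) or len(rest) != 1 + rest[0]:
        raise ValueError("not a standard P2PKH scriptSig")
    return rest[1:]

# Constructed samples (placeholder bytes, not real keys or hashes from any chain).
FAKE_PUBKEY = b"\x02" + b"\x11" * 32  # 33-byte compressed-key shape
SAMPLES = {
    "p2pk": bytes([33]) + FAKE_PUBKEY + bytes([OP_CHECKSIG]),
    "p2pkh": bytes([OP_DUP, OP_HASH160, 20]) + b"\xaa" * 20 + bytes([OP_EQUALVERIFY, OP_CHECKSIG]),
    "p2wpkh": bytes([OP_0, 20]) + b"\xbb" * 20,
    "p2tr": bytes([OP_1, 32]) + b"\xcc" * 32,
}
FAKE_SCRIPTSIG = bytes([3]) + b"\x30\x00\x00" + bytes([33]) + FAKE_PUBKEY  # <sig> <pubkey>

def exposure_report() -> dict[str, bool]:
    """Map each sample output type to whether its public key is already on-chain."""
    return {name: classify_script_pubkey(spk)[1] for name, spk in SAMPLES.items()}

if __name__ == "__main__":
    for name, exposed in exposure_report().items():
        print(f"{name:7s} pubkey visible before spend: {exposed}")
    print("pubkey revealed by P2PKH spend:", pubkey_from_p2pkh_scriptsig(FAKE_SCRIPTSIG).hex())
```

Running this over a wallet's own UTXO set is the audit a holder would do first: hash-committed outputs with no spend history are the ones the thread calls "reasonably difficult" for a CRQC, while P2PK and taproot outputs are exposed from the moment they are funded.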
vibe42 (2 hours ago):
Ethereum has a new site for PQ research: https://pq.ethereum.org/

newpavlov (5 hours ago):
Dup? https://news.ycombinator.com/item?id=47582418

vibe42 (3 hours ago):
Will be pretty wild when the mass migration of accounts begins. The analytics of thousands of accounts sending tokens to new accounts. Better use a VPN and migrate at an unusual hour in your time zone :D

SrslyJosh (5 hours ago):
I can't think of a less useful avenue of research in cryptography right now.

gosub100 (5 hours ago):
'Code is law' doesn't exclude quantum code.

meling (6 hours ago):
Call me when they have broken ECC with a real quantum computer.

  alphager (4 minutes ago):
  That would be about 10-15 years after the moment it would have been wise to migrate to PQC. You won't have time to migrate before a breach if you start after ECC is broken.

  nh23423fefe (6 hours ago):
  Why is your use case interesting?