jryio 7 hours ago

Here's an interesting discussion from Section 8 - Dormant Wallets:

If a nation state develops a sufficiently powerful quantum computer, seizure of the Satoshi-era bitcoin wallets without post-quantum protections would fund either rogue actors or nation states.

> Indeed, some governments will have the option of using CRQCs (or paying a bounty to companies) to acquire these assets (possibly to burn them by sending them to the unspendable OP_RETURN address [321]) as a national security matter. As before, blockchain's loss of the ability to reliably identify asset owners combined with the laches doctrine [319] enables governments to argue that the original owners, through years of inaction, have failed to assert their property rights.

lifis an hour ago | parent | next [-]

I don't think you can steal Bitcoin with a quantum computer because the blockchain only stores the 256-bit hash of the public key, so you need to reverse that, which costs 2^128 with Grover's algorithm.

tigereyeTO 5 minutes ago | parent [-]

You’re right that P2PKH addresses use the hashed public key, but there are other address types.

The very early days of Bitcoin had addresses created using the now-deprecated P2PK address variant—Pay To Public Key. These addresses are simple encoded secp256k1 public keys with no hashing.

There are still > 1.5 million BTC stored in P2PK UTXOs as of this post, all of which are up for grabs to the first person who can derive the private keys for the known public keys.

PowerElectronix 7 hours ago | parent | prev | next [-]

As soon as activity is detected and reasonably attributable to sha256 being broken, bitcoin goes to zero.

some_furry 6 hours ago | parent [-]

What?

Quantum computers don't break SHA256, nor would this attack be "reasonably attributable" to a SHA256 break.

In fact, if you have funds in a wallet that has never spent a transaction before (only received), it's still reasonably difficult for a CRQC to steal your funds. The trick is, the moment you've ever spent a transaction, now your public key is known (and therefore breakable).

(Yes, I'm aware of the literature on quantum search vs hash functions, but it's not a complete break like RSA or ECC.)
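The distinction tigereyeTO and some_furry draw above (P2PK puts the raw public key in the output, while P2PKH only commits to its hash until the coins are spent and the key appears in the scriptSig) can be checked mechanically from the scripts themselves. The following is an added example, not code from the thread or from any Bitcoin project: it tokenises standard output scripts and reports which public keys a CRQC-equipped attacker could read from chain data. It goes slightly beyond the comments by also handling P2WPKH, which follows the same hash-in-output, key-in-witness pattern. All keys, hashes and signatures are constructed placeholder bytes, not real curve points, and no hash160 binding between key and output is verified here (a node does that at validation time).

```python
"""Classify Bitcoin output scripts by whether the public key is exposed on-chain.

Added example, not from the thread. Handles the standard P2PK, P2PKH and
P2WPKH templates only; sample keys/signatures below are constructed bytes.
"""

# Script opcodes used by the three templates (values from the Bitcoin script spec).
OP_0, OP_PUSHDATA1, OP_DUP, OP_EQUALVERIFY, OP_HASH160, OP_CHECKSIG = 0x00, 0x4C, 0x76, 0x88, 0xA9, 0xAC


def parse_script(script: bytes) -> list:
    """Tokenise a script into ints (opcodes) and bytes (pushed data)."""
    tokens, i = [], 0
    while i < len(script):
        op = script[i]
        i += 1
        if 1 <= op <= 0x4B:          # direct push of 1..75 bytes
            n = op
        elif op == OP_PUSHDATA1:      # next byte gives the push length
            n = script[i]
            i += 1
        else:
            tokens.append(op)
            continue
        if i + n > len(script):
            raise ValueError("truncated push in script")
        tokens.append(script[i:i + n])
        i += n
    return tokens


def is_pubkey(item) -> bool:
    """33-byte compressed (02/03 prefix) or 65-byte uncompressed (04 prefix) SEC encoding."""
    return isinstance(item, bytes) and (
        (len(item) == 33 and item[0] in (2, 3)) or (len(item) == 65 and item[0] == 4)
    )


def classify(script_pubkey: bytes):
    """Return (template, data): the bare pubkey for P2PK, the 20-byte hash for P2PKH/P2WPKH."""
    t = parse_script(script_pubkey)
    if len(t) == 2 and is_pubkey(t[0]) and t[1] == OP_CHECKSIG:
        return "p2pk", t[0]
    if (len(t) == 5 and t[0] == OP_DUP and t[1] == OP_HASH160
            and isinstance(t[2], bytes) and len(t[2]) == 20
            and t[3] == OP_EQUALVERIFY and t[4] == OP_CHECKSIG):
        return "p2pkh", t[2]
    if len(t) == 2 and t[0] == OP_0 and isinstance(t[1], bytes) and len(t[1]) == 20:
        return "p2wpkh", t[1]
    return "other", None


def exposed_pubkey(script_pubkey: bytes, script_sig: bytes = b"", witness=()):
    """Public key readable from chain data for this output, or None if only a hash is known."""
    kind, data = classify(script_pubkey)
    if kind == "p2pk":
        return data                      # key is in the output itself: exposed on receipt
    if kind == "p2pkh":                  # key only appears in the spend: <sig> <pubkey>
        t = parse_script(script_sig) if script_sig else []
        return t[1] if len(t) == 2 and is_pubkey(t[1]) else None
    if kind == "p2wpkh":                 # same idea, key is the second witness item
        return witness[1] if len(witness) == 2 and is_pubkey(witness[1]) else None
    return None


def audit(outputs) -> dict:
    """Count outputs whose key is exposed vs. still hash-protected. outputs: (spk, scriptSig, witness)."""
    report = {"pubkey_exposed": 0, "hash_only": 0, "other": 0}
    for spk, script_sig, witness in outputs:
        kind, _ = classify(spk)
        if kind == "other":
            report["other"] += 1
        elif exposed_pubkey(spk, script_sig, witness) is not None:
            report["pubkey_exposed"] += 1
        else:
            report["hash_only"] += 1
    return report


# Constructed sample data (placeholders, not real keys, hashes or signatures).
def push(data: bytes) -> bytes:
    return bytes([len(data)]) + data     # direct push, valid for <= 75 bytes

PUBKEY_UNCOMPRESSED = b"\x04" + bytes(range(1, 65))    # 65-byte placeholder, Satoshi-era style
PUBKEY_COMPRESSED = b"\x02" + bytes(range(32, 64))     # 33-byte placeholder
H160 = bytes(range(20))                                # placeholder 20-byte HASH160
SIG = b"\x30" + bytes(70)                              # placeholder 71-byte DER signature

P2PK_OUT = push(PUBKEY_UNCOMPRESSED) + bytes([OP_CHECKSIG])
P2PKH_OUT = bytes([OP_DUP, OP_HASH160]) + push(H160) + bytes([OP_EQUALVERIFY, OP_CHECKSIG])
P2WPKH_OUT = bytes([OP_0]) + push(H160)
P2PKH_SPEND_SIG = push(SIG) + push(PUBKEY_COMPRESSED)

SAMPLE_OUTPUTS = [
    (P2PK_OUT, b"", ()),                              # unspent P2PK: key already public
    (P2PKH_OUT, b"", ()),                             # unspent P2PKH: only the hash is known
    (P2PKH_OUT, P2PKH_SPEND_SIG, ()),                 # spent P2PKH: key revealed in scriptSig
    (P2WPKH_OUT, b"", (SIG, PUBKEY_COMPRESSED)),      # spent P2WPKH: key revealed in witness
    (bytes([0x6A]), b"", ()),                         # OP_RETURN output: not a key-bearing script
]

if __name__ == "__main__":
    print(audit(SAMPLE_OUTPUTS))
```

Run over a real UTXO set, the `hash_only` bucket is the part some_furry describes as still "reasonably difficult" for a CRQC (an attacker must first reverse the hash), while `pubkey_exposed` covers both the P2PK outputs tigereyeTO mentions and any hash-based output whose owner has already spent from that key.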

3 hours ago | parent | prev [-]
[deleted]