Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
EthanHeilman 15 hours ago

"A CRQC is an existential threat to Bitcoin (you might believe this is very low-likehood). Your measurement of this threat should literally be:

(A) How likely you think it is a CRQC appears by a given time, multiplied by (B) How likely it is you think Bitcoin will not successfully upgrade by that time."

It would interesting to survey people about their answers.

My off the cuff answer is:

2030: A=0.05, B=0.01

2035: A=0.50, B=0.001

2045: A=~1.0, B=~0.0

I reserve the right to change my mind on these answers at any point. This is not a serious prediction.

littlecranky67 an hour ago | parent | next [-]

You should also consider that a CRQC needs not only to exist, but be used in a certain way. I can hardly see the first thing Google or IBM do upon their breakthrough, is stealing bitcoins. There is a reputation to have. And it is also unlikely some hacker can build a superior quantum computer in their backyard before some trillion dollar companies with a research budget can.

flatline 14 hours ago | parent | prev | next [-]

I'm skeptical that B is fully possible. You can create a PQ fork of bitcoin but you cannot automatically bring vulnerable wallets along - and there are a lot of vulnerable wallets, especially from the early days. There's a catastrophe ahead for bitcoin with an apparent probability of 1.0. That's hard to account for in this scheme.

3 hours ago | parent | next [-]
[deleted]
sankao 7 hours ago | parent | prev | next [-]

I would argue that the hackers will do the jobs of transferring funds from insecure wallets to secure ones very efficiently.

netheril96 6 hours ago | parent [-]

It would still tank the price. Right now many Bitcoins are lost because no one holds the keys any more. When they can hack it, suddenly the sell pressure significantly goes up.

mono442 2 hours ago | parent | prev [-]

a hard fork could burn bitcoins which are vulnerable

sayYayToLife 14 hours ago | parent | prev | next [-]

Karl Popper calls this a psychological probability(% chance I go to the gym today). This is different from objective probability (% chance a dice lands on 5).

EthanHeilman 14 hours ago | parent [-]

In this case, it seems like we are rolling dice but no one is quiet sure if the dice are fair, how many sides it has and what numbers are written on the dice.

The only thing I am confident in is if it the bigger the fire, the faster the work. I want the Bitcoin community to start the work as early as possible so that it doesn't have to rush because rushing increases the chance of mistakes.

Start early, don't rush.

hackernudes 14 hours ago | parent | prev | next [-]

CRQC = cryptographically relevant quantum computer

tomtomtom777 12 hours ago | parent | prev [-]

2045 A=~1.0 seems way off. CRQC is still a theoretical construct with hurdles to overcome. Yes, there is a significant risk that it will exist somewhere in the next decades, but there is also still a significant chance that it will be shown to be practically impossible.

EthanHeilman 12 hours ago | parent [-]

That is not what I am hearing from people working on CRQC. A prediction of a CRQC with 10% by 2030 was made by own of the top experts in this field. 2045 used to be the pessimistic outlook by experts with a bunch of experts predicting earlier. Recent work has shown that CRQC is actual 20 times easier to built that previously thought, accelerating all timelines.

We are seeing significant progress in two different types of quantum computers, neutral atom and superconducting qubit.

No one really knows when it will happen, but the chance that it is practically impossible is held only by a small number of experts. Given what we have seen in 2026 has significantly shifted expectations.

hatthew 11 hours ago | parent [-]

"Accelerated timeline" and "impossible" are not mutually exclusive. We may just reach the point where we conclude it's impossible sooner.

Not commenting on specific numbers/estimates.