what risk is worse than everyone's taproot wallets being wide open to theft?
Discussion
I'm more worried about core devs fucking things up. Chance of that is much greater than some quantum woo becoming reality.
there is basically no chance that's going to happen
but there is some chance of
- bitcoin being coopted by the state
- no fees mining death spiral
- bitcoin being outlawed
two of those don't sound like things development resources can be put towards, and the third is a ludicrously unlikely speculative scenario that arguably can’t be mitigated at all. I doubt a few blocks with no fees would discourage people who have invested massive sums in Bitcoin mining ASICs from maintaining the network.
Successful use of Shor’s algorithm on quantum computers to factor wallet private keys is an inevitability, given enough time. I’m not quite so alarmist to think that it is going to happen by 2028. But it is going to happen, that is guaranteed. So there needs to be an additional wallet format that prevents such an attack introduced well before it does. FIPS-204 and FIPS-205 should most likely both be introduced as different wallet schemes simultaneously, so people can do 3 of 3 multisig with both of them and a taproot wallet, given the period of incoming volatility here.
What's amazing to me in this thread is the psychology of treating signing algorithms like immutable natural laws, with one poster comparing any concern of the future security of Bitcoin’s cryptography to the COVID hoax. ECDSA held up so long and had such a gigantic tower of wealth built on it that people forgot that its immediate predecessor, DSA, became a FIPS standard in 1994 and is now considered horrifically insecure.
Every cryptography algorithm has an expiry date. Everyone over 30 years of age has lived through a major one of these expiry dates. The idea that ECDSA and Schnorr signatures would last for centuries and nothing needs to be done to prepare for their obsolescence is positively laughable.
no signing algorithm based on elliptic curves is known to have been broken
elliptic curves are completely different from past schemes, there is no law or past experience that says they will ever break
so much that every single specialist assumes that the only thing that can break them is quantum computing
which is also another hypothetical breakthrough that we have no guarantee whatsoever will ever be achieved
shor's algorithm specifically breaks elliptic curve cryptography. that's the entire point of it.
see this paper for resource estimates https://arxiv.org/abs/1706.06752
optech has a page on this as well which is cool https://bitcoinops.org/en/topics/quantum-resistance/
don't you think it's weird that billions are being invested worldwide on a technology that has the only purpose of breaking bitcoin?
zero profit potential, no benefit to humanity whatsoever
it can be used to simulate quantum physics which would be huge for materials/technology breakthroughs
sure they came up with that garbage reasoning later
"we'll simulate quantum physics with quantum physics"
that doesn't sound like a computer to me, it's like me saying my kitchen is a food computer with which I can simulate the act of making food
that's not what any of these researchers are focusing on, that's not what gets them excited, they're focusing on shor's algorithm
no, they did not come up with it later.
insane amounts of money were being invested into quantum computing far before Bitcoin existed. Shor discussing his algorithm for factoring cryptographic keys in the context of quantum dates back to the mid nineties. The first demonstration of an actual physical implementation of quantum was over a decade before Bitcoin, and it was for search regardless, not breaking signatures. The whole universe does not revolve around Bitcoin and all of this work began a couple decades before the genesis block.
lol exactly. thank you
still you must recognize that the food computer analogy was good
leave a like if you agree
thanks
it's not a general purpose computer no, it's a specialized tool for doing very specific things with limited use cases. you won't be gaming on your quantum pc anytime soon
the main reason is that computing with physics is really difficult.
creating a quantum algorithm is like trying to build a program that consists of throwing stones into a pond and trying to encode the answer in the constructively interfering waves.
that's why there are only like 5 discovered algorithms (limited use cases).
i honestly had no idea how shor came up with it. i mean if you just look at him he's a giga nerd.
That being said, your concern is slightly legitimate. A lot of focus *is* being given to Shor over other algorithms and potentially making money off of Bitcoin derivatives markets is a major part of that motivation. Which is exactly why we need to start taking this seriously and have planned quantum resilience baked into Bitcoin. I’d like to see FIPS-204/205 and eventually 206 when it becomes solidified as a standard be made into wallet formats. So that I can have an n-in-n multisig with taproot and all the new algorithms for my life savings, in hopes that at least one will remain invulnerable through the coming era.
If you are right and quantum never materializes as a threat to elliptic curves, we will have accomplished less, but it will be at least enough for my peace of mind (I have 90% of my net worth in Bitcoin) and it will also let the general market see in the interim that Bitcoin developers and the community have taken potential threats seriously.
If you are wrong and Bitcoin breaks elliptic curves, then we will have saved everything my children are going to inherit.
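The n-of-n idea in the comment above, as an added illustration that is not from the thread: a composite verifier accepts only when every constituent scheme accepts, so a forger must break all of them rather than the weakest. Lamport one-time signatures (the hash-based family that FIPS-205 descends from) stand in for both slots here because they fit in a few lines; a real wallet would put Schnorr/taproot in one slot and ML-DSA or SLH-DSA in the other, and the message is a constructed sample.

```python
import hashlib
import secrets

def _bits(digest):
    # The 256 digest bits, most significant bit of each byte first.
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def lamport_keygen(hashfn=hashlib.sha256):
    """One-time key: 256 pairs of secret preimages; the public key is their hashes."""
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = [(hashfn(a).digest(), hashfn(b).digest()) for a, b in sk]
    return sk, pk

def lamport_sign(sk, msg, hashfn=hashlib.sha256):
    """Reveal one preimage per digest bit. A key must never sign a second message."""
    return [sk[i][b] for i, b in enumerate(_bits(hashfn(msg).digest()))]

def lamport_verify(pk, msg, sig, hashfn=hashlib.sha256):
    if len(sig) != 256 or len(pk) != 256:
        return False
    bits = _bits(hashfn(msg).digest())
    return all(hashfn(s).digest() == pk[i][b] for i, (s, b) in enumerate(zip(sig, bits)))

def hybrid_verify(slots, msg, sigs):
    """n-of-n across schemes: every (verify_fn, pubkey) slot must accept its signature.
    Breaking one scheme is not enough; the attacker needs a valid signature in each slot."""
    if len(sigs) != len(slots):
        return False
    return all(verify(pk, msg, s) for (verify, pk), s in zip(slots, sigs))

def demo():
    # Two independent slots (stand-ins for a classical and a post-quantum scheme).
    sk1, pk1 = lamport_keygen(hashlib.sha256)
    sk2, pk2 = lamport_keygen(hashlib.sha3_256)
    slots = [(lambda pk, m, s: lamport_verify(pk, m, s, hashlib.sha256), pk1),
             (lambda pk, m, s: lamport_verify(pk, m, s, hashlib.sha3_256), pk2)]
    msg = b"constructed sample: transaction sighash bytes go here"
    sigs = [lamport_sign(sk1, msg, hashlib.sha256),
            lamport_sign(sk2, msg, hashlib.sha3_256)]
    honest = hybrid_verify(slots, msg, sigs)
    # Model "scheme 1 is broken, scheme 2 is not": the attacker can fill slot 2
    # correctly but only random bytes for slot 1. The composite must reject.
    forged = [[secrets.token_bytes(32) for _ in range(256)], sigs[1]]
    return honest, hybrid_verify(slots, msg, forged)
```

The trade-off the comment accepts is visible in the code: the composite is only as available as its least available scheme, since any single slot failing to verify (or a lost key for any one scheme) blocks the spend.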
qm is the substrate of reality, being able to harness it directly using computation is the start of all of our future technology IMO
Not verifying the unproven assumption that continuous time is fundamental.