the “quantum computer” threat is the y2k of bitcoin

Discussion

Keep in mind thousands of programmers updated codebases at a rapid pace at banks, networks, etc.... So far nothing has really happened to 'prepare' Bitcoin.

Personally, I think it's all BS, but I'll leave that to the actual Bitcoin developers to solve just in case.

And embedded systems and hardware controllers. Everyone forgets about them, but we were Y2K-testing things like automatic lights in the surgery, heart-lung machines and robots.

my GPS thinks it's 1998, and it's unfixable. still reports the correct position tho! 😂

Y2K really was a threat. It was just that we saw it coming years in advance and updated everything.

If you manage to stave off the problem, everyone is like, See, there was no problem!

I don't see anyone working on a potential solution for Bitcoin. That's the difference.

does this mean we get to party like it's 1999 soon? 🎉

I think we updated everything in the very last decade (maybe a year actually).

Quantum computing is in its infancy and no real threat now.

And there is academic research on quantum-resistant cryptography. It's not like we do nothing...

So it's a real threat but engineers and Devs will solve the issue before it causes any problems?

Y2038 is more realistic than quantum, no?

Y2K was solved by everyone dutifully upgrading their code to post-Y2K. How is Bitcoin solving the quantum problem?

Bitcoin doesn’t have a quantum problem.

The only threat is the fear campaign run by centralized quantum computing labs trying to protect their funding status. Bitcoin is the decentralized solution to their centralized quantum computers.

There is no second best quantum computer.

yeah, i just did the math on it. the power cost for a 1 million qubit machine at current power draw based on qubit count is 49 million to crack one pubkey in 13 days, assuming cheap American $0.16 USD per kWh.

afaik, the biggest quantum computer that currently exists is 10k qubits. i'm pretty sure that both the energy infrastructure and cooling costs are exponential for the 100x scale-up required to get a 1M qubit system running. it's not even economic to try and crack a pubkey on a UTXO of less than probably about 1000 bitcoin as well, so it's no threat to the majority of the UTXOs on chain.

while the energy cost for non-quantum supercomputers is a lot higher for comparable computational capability, it's only like twice as efficient. the real blocker for any attack on bitcoin is still economic.

plus, i also dug around and researched options for post-quantum algorithms with problems that are still hard for quantum-advantaged algorithms, and VDOO signatures weigh in at 96 bytes and would probably require upgrading the pubkey hash to 256 bits (hash functions are unaffected), so the actual worst-case scenario for bitcoin is that it has to have 8 MB blocks, and it would take a week or two for everyone to move their UTXOs to the new signatures.

not only is the threat nearly zero as it is, with countermeasures in place, which is totally viable in 10 years, it is basically then as close to zero as it can get.

it's just a hype boondoggle to lure gullible investors into paying for the extremely expensive development costs required for this technology, and cracking bitcoin keys would be the most lucrative end goal, which i just covered.

Thanks for doing this, I’m kinda non-techy here, VDOO would require a blocksize increase to work?

Breaking encryption is not really a usecase for a quantum computer lol, so what can a centralized quantum computer actually solve that a coordination system built on top of Bitcoin can’t?

Anyways, I don’t even believe the claims that anyone has provable qubits (still waiting for verifiable proof). As I explained before, I think Bitcoin and general logic disproves continual superposition and replaces it with discretized superposition between quantum timesteps.

This subtlety would void all centralized quantum computing models. They are more like fiat computers, pretending to commit states and collapse states upon decree. Bitcoin is the standard.

If the dream of quantum computers was true, the timechain will burn in my opinion. Bitcoin would be second best. I obviously don’t believe this.

yeah, that point that nobody has presented proof of a key crack of any kind is my main issue also.

quantum computers can't break AES encryption, either, they would be no better than a supercomputer, so at best they might see a 20% reduction in cost from this, which is still such an absurdly large amount of money that it's completely inconceivable anyone would do it.

until they could scale up electrical generation capacity to a million times more than we have now, it's completely impossible it would even approach becoming economic to break keys. so it's ridiculous. long before that, the countermeasures would be taken, and personally i don't see it even being feasible before at least 50 years.

it'd be a much more practical use of all that energy to do space migration, in terms of opening access to a larger resource base.

the economics just don't favor it. the end.

The ethos of “don’t trust, verify” seems to come into question in regard to the assumed quantum threat. It’s become “just trust me bro, we need to fork” without any question or verification. This is the real attack on Bitcoin.

The model of centralized quantum computing is the flaw, all claimed qubits exist inside a single machine (node), unverifiable to the outside world. How do you prove a qubit in a black box? Can a qubit even exist meaningfully if it can’t be verified across independent observers? What collapses the state besides fiat decree? Should we fork over trust?

This wall of centralization pushes verification outward to both the theory of quantum mechanics/computing and the economics of the process. We seem to be hitting both sides of the verification, both suggesting there is no threat.

Bitcoin exposes this contradiction. Its qubits (UTXOs) are fully distributed across all nodes, open, auditable, and irreversible. It is the only known system in physics that demonstrates conservation of energy and information without axiom. Physicists should be here studying it. Instead, they keep insisting on centralized models while the decentralized standard already runs at planetary scale open to anyone.

I'm not really sure how this resolves. Forking Bitcoin without verification would be the ultimate failure of “don’t trust, verify.” Bitcoin will win in time because its physics is open, while theirs is not.

Bitcoin will win if it can resist the quantum forks.

bitcoin has added new address and signature types several times already. in the event a credible attack succeeds (presumably at a cost of millions of dollars) it will be trivial to justify adding VDOO or other compact PQ signatures.

until then, it's hype. until there is a proof of concept verifiably demonstrated in the wild (and it must be done such that there is no way the secret was accessible to the people running the machine, or it would look like a hoax), it's irrelevant.

no proof, not verified. disregard.

also, distributed systems are not quantum anything. they are simply a collection of protocols and applications that speak them that make it possible for multiple replicas of the system, or any components of it, to seem like a single, unified "von Neumann machine" with atomic state, with the caveat that usually there is a propagation delay due to light speed. distributed systems are the multi-computer version of concurrent execution in a single computer.

Yes agreed, the distributed nature of Bitcoin does not make it “quantum”.

Bitcoin was equally as quantum at genesis when Satoshi was running the only node versus today when we have arguably the most nodes ever.

I don’t think quantum systems can achieve further complexity without becoming a distributed system. We can clearly see this with biology.

Literally nothing happened on Jan 1 2000. NOTHING.

Goes to show how well everyone involved did their job.

it's a threat to the whole internet. TLS uses ECC too

https://en.wikipedia.org/wiki/Post-quantum_cryptography

i think there is still a huge energy cost to quantum computers and they are a long way from making them even big enough. the cost of running one of the current devices is very high - a 10k qubit device uses 10 kW. if that scales linearly then 1 gigawatt is the minimum cost for a device that could come close to running Shor's algorithm on this basis.

they are potentially more efficient on power basis but still, it's only like 50% better than a supercomputer of similar capability.

the other thing is that it already doesn't affect AES or ChaCha20-Poly1305 or ECDH, comparatively the improvement on breaking those keys is marginal.

it only really affects elliptic curve signatures and public keys.

there are a number of options, i'm not sure which ones are the best, but a very old signature scheme based on Merkle trees is quite strong because it is purely based on hash functions, and there are lattice, multivariate, elliptic curve isogeny and coding schemes based on error correction codes like Reed-Solomon.

the most important thing, though, is that it is still probably years away from them being able to make the million qubit machines that pose a real threat, and as i point out, a computer that requires a gigawatt of power is not going to be wasted on attacking trivial amounts of bitcoin either. so, keeping your UTXOs relatively small is for sure a defense against it.

average US electricity cost currently is about $0.16/kWh so that is $160,000/h to run a 1 GW installation for an hour. in Europe that comes to more like $400,000/h. i assume that there is some amount of time required for the algorithm to break one key:

> Estimates suggest that breaking the encryption within one hour would require approximately 317 million physical qubits, assuming a surface code with a code cycle time of 1 microsecond, a reaction time of 10 microseconds, and a physical gate error rate of 10^-3.

>

> To break the encryption within one day, it would require about 13 million physical qubits.

>

> These requirements are far beyond the capabilities of current quantum computers, such as IBM's largest superconducting quantum computer, which has 127 physical qubits.

so, if you look at that cost, and the best case scenario for power cost as we see in the USA (btw power cost is similar in Bulgaria), the cost of running a 1 million qubit machine for long enough to crack one bitcoin key would be 13 days with a cost of:

49 million dollars.
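The "very old signature scheme based on Merkle trees" mentioned a few replies up, as an added runnable example (this is illustration code written for this page, not code from any poster, from Bitcoin, or from any PQ library). It assumes SHA-256 for every hash, Lamport one-time signatures as the leaf scheme, and a toy tree height of 2 (four signatures per long-lived key); the class and function names are my own. Security rests only on the hash function, which is the whole point: there is no elliptic-curve or factoring structure for Shor's algorithm to exploit, only Grover's quadratic speedup on the hash.

```python
# Toy hash-based (Merkle) signature scheme: Lamport one-time signatures at
# the leaves, a Merkle tree over their public keys as the long-lived key.
# Added illustration for this page, NOT code from any poster or from
# Bitcoin. Toy parameters; real deployments use XMSS / SPHINCS+ style
# constructions with Winternitz chains to shrink the signatures.
import hashlib
import os

N = 32            # SHA-256 output length in bytes
BITS = 8 * N      # a Lamport key signs a 256-bit message digest


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def lamport_keygen():
    """Secret key: 256 pairs of random 32-byte values; public key: their hashes."""
    sk = [[os.urandom(N), os.urandom(N)] for _ in range(BITS)]
    pk = [[H(sk[i][0]), H(sk[i][1])] for i in range(BITS)]
    return sk, pk


def lamport_pk_hash(pk) -> bytes:
    """Compress a Lamport public key to one 32-byte leaf for the Merkle tree."""
    return H(b"".join(pk[i][0] + pk[i][1] for i in range(BITS)))


def _digest_bits(msg: bytes):
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(BITS)]


def lamport_sign(sk, msg: bytes):
    """Reveal one preimage per digest bit. Signing twice with the same sk leaks
    the other halves, which is why the Merkle layer tracks which leaf was used."""
    return [sk[i][b] for i, b in enumerate(_digest_bits(msg))]


def lamport_verify(pk, msg: bytes, sig) -> bool:
    return len(sig) == BITS and all(
        H(sig[i]) == pk[i][b] for i, b in enumerate(_digest_bits(msg))
    )


class MerkleSigner:
    """Long-lived key = Merkle root over 2**height Lamport public keys.
    Stateful: every leaf may sign exactly once."""

    def __init__(self, height: int):
        self.height = height
        self.keys = [lamport_keygen() for _ in range(1 << height)]
        levels = [[lamport_pk_hash(pk) for _, pk in self.keys]]
        while len(levels[-1]) > 1:
            lvl = levels[-1]
            levels.append([H(lvl[i] + lvl[i + 1]) for i in range(0, len(lvl), 2)])
        self.levels = levels
        self.root = levels[-1][0]
        self.next_leaf = 0

    def sign(self, msg: bytes):
        if self.next_leaf >= len(self.keys):
            raise RuntimeError("all one-time keys consumed; generate a new tree")
        idx = self.next_leaf
        self.next_leaf += 1              # burn the leaf before returning anything
        sk, pk = self.keys[idx]
        auth, i = [], idx
        for lvl in self.levels[:-1]:     # sibling on each level = authentication path
            auth.append(lvl[i ^ 1])
            i >>= 1
        return idx, pk, lamport_sign(sk, msg), auth


def merkle_verify(root: bytes, msg: bytes, signature) -> bool:
    idx, pk, ots_sig, auth = signature
    if not lamport_verify(pk, msg, ots_sig):
        return False
    node, i = lamport_pk_hash(pk), idx
    for sibling in auth:                  # recompute the path up to the root
        node = H(sibling + node) if i & 1 else H(node + sibling)
        i >>= 1
    return node == root


def signature_size_bytes(height: int) -> int:
    """Bytes on the wire: OTS signature + OTS public key + auth path (index omitted)."""
    return BITS * N + 2 * BITS * N + height * N


if __name__ == "__main__":
    signer = MerkleSigner(height=2)      # toy size: 4 signatures per key pair
    sig = signer.sign(b"spend utxo 0")
    print("valid:", merkle_verify(signer.root, b"spend utxo 0", sig))
    print("size:", signature_size_bytes(2), "bytes")
```

Two things the code makes concrete that the prose does not: the scheme is stateful (a leaf used twice leaks the secret key, so the signer refuses after 2**height signatures), and a signature at this naive parameterization is about 24 KB, since it ships the whole Lamport public key and 256 preimages. That size is why production hash-based schemes hash the one-time key instead of shipping it and use Winternitz chains, and why any hash-based option for Bitcoin feeds straight into the block-size discussion above.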

ECDH is affected by QC

that is just DH + Kyber mixed, DH to tolerate a potential vulnerability in Kyber, Kyber to be PQ resistant

it's already in use on Signal, and it does pretty much defeat quantum attacks.

but the attack is very hypothetical and likely costs maybe into the hundreds of thousands of dollars worth of power to do it.

The only real threat centralized quantum computing poses to Bitcoin is psychological: convincing the masses to fork the chain out of fear. The danger isn’t in physics or cryptography; it’s in perception.

Quantum hype preys on misunderstanding, not on any reproducible mechanism to break Bitcoin’s thermodynamic security. The real attack vector isn’t qubits; it’s narrative over “forks” and “upgrades” towards a nonexistent threat.

if I had a sat for every time someone told me that I'll lose my coins to quantum computers... I'd have more sats.