the quantum fud against bitcoin is an old staple of shitcoiners and nocoiners, but especially shitcoiners.
it's quite nonsensical, because shor's algorithm (which supposedly needs a pile of extremely expensive to keep cool qubits to finish in a relatively short time period) is for reversing the transformation that turns a secret key into a public key.
the public key behind a bitcoin address (the address is a ripemd160 hash, only 20 bytes: 12 bytes of the full hash are thrown away completely, and the rest is scrambled by a hash function that is still known to be secure) only appears on the record after the address is spent from.
this is why it is commonly said that you should not reuse bitcoin addresses. the pubkey and the secret key are mathematically related, and according to Shor's theory that relation can be reversed. thus, once a UTXO is spent, the key that controls that address is vulnerable to a quantum Shor's algorithm attack.
a lot of hype goes on in shitcoin land about how they are using supposedly "quantum resistant" public keys, and it's notable that basically anything that uses schnorr's signature algorithm, meaning taproot, nostr keys, musig2, and all of the shitcoins using the closely related ed25519 (edwards curve) and its signature algorithm, which is almost identical to schnorr, is not vulnerable to this attack anyway.
so, yeah. if people would just git r done and move to taproot addresses, this conversation would already be over. not only that, there have been some wallets that generated vulnerable keys, via signatures with poor entropy, that have been hacked. but these were trivial attacks and yielded nothing, and the signatures of those wallets are relatively easy to identify across the ledger.
oh yeah, and not to forget, microsoft loves to fud bitcoin with quantum shor hype.
it's nonsense. you can't quantum-reverse a hashed, much smaller 20-byte address back into a secret key without brute forcing on average at least half of the field, i.e. 128 bits; this is where the "128 bits of security" you always hear about regarding elliptic curve signatures comes from.
once that address has been spent from, though, you have a valid target for a quantum crack.
what's the lesson here?
don't reuse addresses on legacy or segwit. prefer taproot. and stop listening to quantum fudsters, who are just the latest of the many snake oil vendors of our time.
