Nostr Web Client

two of those don't sound like things development resources can be put towards, and the third is a ludicrously unlikely speculative scenario that arguably can’t be mitigated at all. I doubt a few blocks with no fees would discourage people who have invested massive sums in Bitcoin mining ASICs from maintaining the network.

Successful use of Shor’s algorithm on quantum computers to factor wallet private keys is an inevitability, given enough time. I’m not quite so alarmist to think that it is going to happen by 2028. But it is going to happen, that is guaranteed. So there needs to be an additional wallet format that prevents such an attack introduced well before it does. FIPS-204 and FIPS-205 should most likely both be introduced as different wallet schemes simultaneously, so people can do 3 of 3 multisig with both of them and a taproot wallet, given the period of incoming volatility here.

weev 4d ago

What's amazing to me in this thread is the psychology of treating signing algorithms like immutable natural laws, with one poster comparing any concern of the future security of Bitcoin’s cryptography to the COVID hoax. ECDSA held up so long and had such a gigantic tower of wealth built on it that people forgot that its immediate predecessor, DSA, became a FIPS standard in 1994 and is now considered horrifically insecure.

Every cryptography algorithm has an expiry date. Everyone over 30 years of age has lived through a major one of these expiry dates. The idea that ECDSA and Schnorr signatures would last for centuries and nothing needs to be done to prepare for their obsolecence is positively laughable.

Reply to this note

Please Login to reply.

Discussion

the axiom 4d ago

no signing algorithm based on elliptic curves is known to have been broken

elliptic curves are completely different from past schemes, there is no law or past experience that says they will ever break

so much that every single specialist assumes that the only thing that can break them is quantum computing

which is also another hypothetical breakthrough we have no guarantee whatsoever that will ever be achieved

jb55 4d ago

shors algorithm specifically breaks elliptic curve cryptography. that's the entire point of it.

jb55 4d ago

see this paper for resource estimates https://arxiv.org/abs/1706.06752

jb55 4d ago

optech has a page on this as well which is cool https://bitcoinops.org/en/topics/quantum-resistance/

the axiom 4d ago

don't you think it's weird that billions are being invested worldwide on a technology that has the only purpose of breaking bitcoin?

zero profit potential, no benefit to humanity whatsoever

jb55 4d ago

it can be used to simulate quantum physics which would be huge for materials/technology breakthroughs

the axiom 4d ago

sure they came up with that garbage reasoning later

"we'll simulate quantum physics with quantum physics"

that doesn't sound like a computer to me, it's like me saying my kitchen is a food computer with which I can simulate the act of making food

that's not what any of these researchers are focusing on, that's not what gets them excited, they're focusing on shor's algorithm

weev 4d ago

no, they did not come up with it later.

insane amounts of money was being invested into quantum computing far before Bitcoin existed. Shor discussing his algorithm for factoring cryptographic keys in the context of quantum dates back to the mid nineties. The first demonstration of an actual physical implementation of quantum was over a decade before Bitcoin, and it was for search regardless, not breaking signatures. The whole universe does not revolve around Bitcoin and all of this work began a couple decades before the genesis block.

jb55 4d ago

lol exactly. thank you

the axiom 4d ago

still you must recognize that the food computer analogy was good

leave a like if you agree

thanks

jb55 4d ago

its not a general purpose computer no, its a specialized tool for doing very specific things with limited use cases. you won't be gaming on your quantum pc anytime soon

jb55 4d ago

the main reason is that computing with physics is really difficult.

create a quantum algorithm is like trying to build a program that consists of throwing stones into a pond and trying to encode the answer in the constructively interfering waves.

that's why there are only like 5 discovered algorithms (limited use cases).

i honestly had no idea how shor came up with it. i mean if you just look at him he's a giga nerd.

weev 4d ago

That being said, your concern is slightly legitimate. A lot of focus *is* being given to Shor over other algorithms and potentially making money off of Bitcoin derivatives markets is a major part of that motivation. Which is exactly why we need to start taking this seriously and have planned quantum resilience baked into Bitcoin. I’d like to see FIPS-204/205 and eventually 206 when it becomes solidified as a standard be made into wallet formats. So that I can have an n-in-n multisig with taproot and all the new algorithms for my life savings, in hopes that at least one will remain invulnerable through the coming era.

If you are right and quantum never materializes as a threat to elliptic curves, we will have accomplished less, but it will be at least enough for my peace of mind (I have 90% of my net worth in Bitcoin) and it will also let the general market see in the interim that Bitcoin developers and the community have taken potential threats seriously.

If you are wrong and Bitcoin breaks elliptic curves, then we will have saved everything my children are going to inherit.

the axiom 4d ago

makes sense, I may agree

on an related topic, what do you think of moving to zcash? they're quantum resistant, scalable and fully private, it sounds like the bitcoin ideal

I'm not a zcash shill and don't own any, was just thinking

weev 4d ago

zcash is not fungible

jb55 4d ago

qm is the substrate of reality, being able to harness it directly using computation is the start of all of our future technology IMO