John Smith, who has been regularly keeping up with computer science, quantum computing, and cryptocurrency-related developments, claims that the “future of crypto” is quantum-resistant, meaning we must build systems that can protect themselves against the potential attack from quantum computers (QCs) when they become powerful enough to present a challenge to digital asset networks.
How long until someone builds a quantum computer that can steal BTC by quickly deriving private keys from their associated public keys?
Serious estimates range from 5 to 30+ years, with the median expert opinion being around 15 years. 3/
— John Smith (@JSmith_Crypto) February 10, 2021
While discussing what the future threat to Bitcoin (BTC) from Quantum Computing might be, and how big of a deal it really is, Smith claims that the threat is that quantum computers will “eventually be able to break Bitcoin’s current digital signatures, which could render the network insecure and cause it to lose value.”
He goes on to question why there isn’t already a solution “as trivial as simply upgrading the signatures?” He explains that this might not be possible due to the decentralized nature of Bitcoin and other large crypto-asset networks such as Ethereum (ETH).
While discussing how long until someone actually develops a quantum computer that can “steal BTC by quickly deriving private keys from their associated public keys,” Smith reveals that serious estimates range somewhere from 5 to over 30 years, with the “median expert opinion being around 15 years.”
“Banks/govts/etc. will soon upgrade to ‘quantum-resistant’ cryptography to secure themselves going forward. Bitcoin, however, with large financial incentives for attacking it and no central authority that can upgrade *for* users, faces a unique set of challenges.”
Going on to mention the main challenges, Smith notes that “vulnerable” BTC can be separated into three classes: lost coins (estimated at several million), non-lost coins residing in “reused/taproot/otherwise-vulnerable addresses,” and “coins in the mempool (i.e., being transacted).”
Beginning with lost coins, why are they even an issue? Because it is possible to steal “a huge number all at once” and then sell them in mass quantities, which could tank the entire crypto market. He added that “if that seems imminent, the market could preemptively tank.” He also mentioned that an attacker may profit greatly by “provoking either of the above and shorting BTC.”
While proposing potential solutions, Smith suggests “preemptively burning lost coins via soft fork (or backwards compatible upgrade).” He clarifies that just how well this works will depend on:
- Are “enough lost coins covered to prevent a liquidity crunch or market spook?”
- Which coins “get burned, who decides, & how difficult is it to reach consensus on these decisions?”
He further noted:
“Another potential way around the problem of millions of lost BTC is if a benevolent party were to steal & then altruistically burn them. Not clear how realistic this is, given the financial incentives involved & who the parties likely to have this capability would be.”
“Moving on …why are non-lost coins with vulnerable public keys an issue? This is self-evident. The primary threat to the wealth of BTC holders is their BTC being stolen. And as with lost coins, a related threat is that the market starts to fear such an attack is possible.”
He also mentioned that another solution could be that Bitcoin adds a quantum-resistant signature and holders “proactively migrate.” He points out that how well this all works will depend on:
- How long is the time-window for “safe migration”? (It would “ideally begin years in advance”)
- How “proactively & universally do BTC holders comply?”
While discussing the vulnerability of coins in the mempool, Smith mentioned that it could “complicate migration to quantum-resistant addresses *after* large QCs are built” or it could “greatly magnify the threat posed by an unanticipated ‘black swan’ advance in QC.”
While proposing other solutions, Smith noted:
“A ‘commit-reveal’ tx scheme can be used to migrate coins without mempool security. This gets around the vulnerability of a user’s old public key by adding an extra encryption/decryption step based on their new quantum-resistant key — but w/ crucial limitations.”
“Considerations w/ commit-reveal migration [are that] it’s not foolproof unless a user starts with their coins stored in a non-vulnerable address, because attackers can steal any vulnerable coins simply by beating the original owner to the punch.”
Considerations with commit-reveal migration are also that commit transactions “introduce technical hurdles (vs. regular txs) & increase the load on the network.” Neither of these are “insurmountable by any means, but they suggest that this method should not be relied upon too heavily,” Smith claims.
He also noted that how well the commit-reveal transaction type “works” will depend on:
- How much of “a head start BTC holders get on migration before it becomes necessary”
- The “ability of the network to handle the increased tx data volume”
- How “practically accessible it is for users who need it.”
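As an added illustration (not part of Smith’s thread or this article), the toy Python model below shows the commit-reveal race behind the limitation described above: a hash commitment over the old public key and the new destination is recorded while the old key is still hidden, and at reveal time the earliest confirmed commitment wins. The hash commitment stands in for the encryption step Smith mentions; the ledger, key and address values are constructed, and the attacker’s ability to sign with an exposed old key (the quantum capability the thread describes) is assumed rather than implemented.

```python
import hashlib
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


def commitment(old_pub: bytes, new_qr_addr: bytes) -> bytes:
    # H(old public key || destination): reveals nothing about old_pub on its own
    return hashlib.sha256(old_pub + new_qr_addr).digest()


@dataclass
class Ledger:
    """Toy chain that records commitments with the height they confirmed at."""
    commits: dict = field(default_factory=dict)  # commitment -> height
    height: int = 0

    def commit(self, old_pub: bytes, new_qr_addr: bytes) -> int:
        self.height += 1
        self.commits.setdefault(commitment(old_pub, new_qr_addr), self.height)
        return self.height

    def resolve(self, old_pub: bytes, claims: List[Tuple[str, bytes]]) -> Optional[str]:
        """Reveal phase: every claimant has seen old_pub and is assumed able to
        sign for it. The earliest confirmed commitment wins; a claim with no
        matching commitment is rejected outright."""
        ranked = []
        for who, addr in claims:
            c = commitment(old_pub, addr)
            if c in self.commits:
                ranked.append((self.commits[c], who))
        return min(ranked)[1] if ranked else None


OWNER_PUB = b"owner-old-secp256k1-pubkey"      # constructed placeholder
OWNER_QR = b"owner-quantum-resistant-addr"     # constructed placeholder
THIEF_QR = b"attacker-quantum-resistant-addr"  # constructed placeholder


def migrate_from_hidden_pubkey() -> Optional[str]:
    # Coins sit behind a hash of the pubkey: the attacker first sees OWNER_PUB
    # in the mempool at reveal time, so any commitment it makes confirms later.
    chain = Ledger()
    chain.commit(OWNER_PUB, OWNER_QR)   # owner commits before revealing
    chain.commit(OWNER_PUB, THIEF_QR)   # attacker reacts to the reveal
    return chain.resolve(OWNER_PUB, [("attacker", THIEF_QR), ("owner", OWNER_QR)])


def migrate_from_reused_address() -> Optional[str]:
    # Pubkey already exposed on-chain by address reuse: the attacker can commit
    # before the owner starts and beats the owner to the punch.
    chain = Ledger()
    chain.commit(OWNER_PUB, THIEF_QR)
    chain.commit(OWNER_PUB, OWNER_QR)
    return chain.resolve(OWNER_PUB, [("owner", OWNER_QR), ("attacker", THIEF_QR)])
```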
“One potential way around the network overhead & just plain hassle of commit-reveal migration would be if a highly efficient quantum-resistant zero-knowledge proof were discovered. Current QR ZK algorithms are far too large to use in Bitcoin, but that could change. Worth noting.”
While sharing other potential solutions, Smith noted that there is also the option to “tank the attack & rebuild.”
He pointed out that Bitcoin’s network effects are “massive,” so it is challenging to accurately estimate or predict “what the crypto ecosystem will look like in the future, but the potential economic disruption of BTC failing may incentivize extraordinary measures to save the network.”
“Bitcoin’s ability to tank a quantum-computing-related market crash will depend on [whether there’s] another chain capable of replacing BTC as the main crypto store of value [and whether] BTC [can] avoid a mining ‘death spiral.’” Also, “how far will stakeholders go to ensure the network survives & rebounds?”
Smith also mentioned that for people or institutions holding Bitcoin, some good measures may be purchasing insurance, and/or hedging BTC exposure “with an asset that would be expected to increase in value in the case of an attack.”