Quantum Computing

So let's say this protocol is widely being used and quantum computers come along. No problem, just square the difficulty level. But what if the difficulty is 2^70 or more before you do it? Now difficulty is 2^140. What happens when x in the fee table is less than one wei? You really need to extend the decimal or make sure x is min of one wei.
If you don't and fees disappear completely it may ruin the world economy if ether becomes a dominant currency. You could speculate forever on what that would exactly look like but it would definitely not be good for the system.
It would take a galaxy sized computer with current tech to get that level. But yet I would not be surprised to see it get there even in my lifetime...

Comments

  • fusion7fusion7 Member Posts: 10
    edited January 2014
    no it has nothing to do with difficulty. when qc comes, ecdsa will be instantly broken as you can compute private key from public key.
  • phoenixphoenix Member Posts: 9
    This depends on which quantum algorithms the qc can run. DWave claims to have a functional qc, but it runs a different set of algorithms than what you need to crack public key encryption.
  • quantumcashquantumcash Member Posts: 12
    No, I disagree: we will have quantum encryption by the time quantum computers are around. So even if you can get complete access to an account through the public key you could theoretically split your funds into the amount you want to send into a new account and securely transmit that key to someone using quantum encryption or offline completely.
    In that scenario you would not be able to just post your public key to get tips or such but you could still hold and send funds.
  • arckearcke Member Posts: 34
    edited January 2014

    "no it has nothing to do with difficulty. when qc comes, ecdsa will be instantly broken as you can compute private key from public key."
    Is it possible and feasible to implement ethereum based solely on post-quantum crypto methods? For instance, Lamport signatures might protect us in the long run from QC.
  • quantumcashquantumcash Member Posts: 12
    Yes I have looked into it a bit but of course new quantum algorithms could be found.
  • Manfred_KarrerManfred_Karrer Member Posts: 17
    Here is a video from Vitalik about quantum computing and Bitcoin:
    As well as an article: http://bitcoinmagazine.com/6021/bitcoin-is-not-quantum-safe-and-how-we-can-fix/
  • xerocxeroc Member Posts: 3
    Take a look at Lamport Signatures @ wikipedia .. these are qc proof ... l-coin wants to implement it
  • StephanTualStephanTual London, EnglandMember, Moderator Posts: 1,282 mod
    +1 for Lamport Sigs
  • arckearcke Member Posts: 34
    "Take a look at Lamport Signatures @ wikipedia .. these are qc proof ... l-coin wants to implement it"
    I can't find anything about I-coin. What is it, is there a website?
  • BYONDIIxBYONDIIx Member Posts: 1
    i think i solved it
  • arckearcke Member Posts: 34
    http://www.bitcoinnotbombs.com/bitcoin-vs-the-nsas-quantum-computer/

    It seems it is not easy to do Lamport efficiently when doing multiple signatures. The article suggests that for every transaction signed an additional node in the merkle tree has to be stored/generated and used in the signature, which makes the signatures become ever larger.
    "The more messages you want to sign with your public key, the larger the Merkle tree needs to be. The larger the tree, the larger the signature. Eventually the signature starts to become impractically large, especially for use in Bitcoin."
    Another alternative is discussed, namely MSS, with similar problems.

    Finally the author concludes:
    "So in other words, Bitcoin can’t adopt one of these signature schemes at the moment if we want to scale beyond present capacity. However, by the time quantum computers become viable, Moore’s law will likely have brought the cost of storage and processing power down to the point where CMSS, GMSS or one of the other types of post-quantum signature schemes could easily be merged into Bitcoin. Until then, let’s not lose any sleep over Penetrating Hard Targets."
    So maybe ECDSA remains one of the best current options to use in cryptocurrencies.
  • vaXvaX Austin, TXMember Posts: 78 ✭✭✭
    edited June 2014
    @Vitalik's QC & Bitcoin presentation in IsRaEl is great.
    This bit especially: (45:30-55)
  • JasperJasper Eindhoven, the NetherlandsMember Posts: 514 ✭✭✭
    If some public key has signatures that need to expand every use to be secure, and say Ethereum uses that pubkey system, then the solution is very simple: you just make a contract and every time you send a message to it, you change the public key that controls the contract, and then next time you use that other one and do the same. So it is only one public key bigger than what it would be.
  • JasperJasper Eindhoven, the NetherlandsMember Posts: 514 ✭✭✭
    I am not 100% right on the previous post, because it has to work with block reorganizations and stuff too.
  • harveybastidasharveybastidas Member Posts: 20
    edited June 2014
    An aspect to think about, and maybe lose some sleep over, is the post-quantum computer era. As Moore's law indicates, what comes next in computing processing power will come very fast, probably without giving us time to adapt to the quantum-contingency strategy. An example of such a system could be some sort of quantum-closed-timelike computer orders of magnitude better than any quantum computer, and just speculating, capable of breaking the proposed Lamport-Signatures-Merkle-Tree scheme. Looks like sci-fi, but you know every new technology is like that:

    http://www.imsc.res.in/~aqis13...

    http://rspa.royalsocietypublis...

    http://www.researchgate.net/pu...

    So, as trying to overrun the Moore's law updating the difficulty in a "scalable way" with merkle hashes of Lamport Signatures is a good solution, but may result impractical in a couple of years, there must be another way (maybe yet to discover) to mine that resists the rigors of the Moore's Law. :)
  • JasperJasper Eindhoven, the NetherlandsMember Posts: 514 ✭✭✭
    Moore's law is just an observation. It is kinda strange how it keeps fitting pretty well, but there is no reason to think it will continue when hitting physical limitations, or when the principle of operation/material changes drastically. Like going to graphene or some such, or going to quantum computing. (Afaik, QM computing is not actually better at everything)

    Your links don't work, and the first one links to a general page, not about this in particular.
  • harveybastidasharveybastidas Member Posts: 20
    edited June 2014
    Yes, but we do not know exactly these limitations in physics if they exist. There is no reason to think that quantum computing is that limit.

    http://www.researchgate.net/publication/226760663_Computers_with_Closed_Timelike_Curves_Can_Solve_Hard_Problems_Efficiently

    http://www.imsc.res.in/~aqis13/extended/shorttalks/Todd_Brun_48.pdf

    http://www.scottaaronson.com/papers/ctc.pdf

    @Jasper‌ and @everybody Sorry for the links. I copied them from a @vitalik post in the Blog and didn't realize that the links were cut.



  • JasperJasper Eindhoven, the NetherlandsMember Posts: 514 ✭✭✭
    Being able to theorize about ctc's is far from actually making them. And you're essentially talking time travel, i mean to think that will be here in a couple of years is insane. Look at what the nitty gritty is like.
  • harveybastidasharveybastidas Member Posts: 20
    edited June 2014
    jejeje yes very very far from making them, i only posted the articles to point that we should not assume that there is no future beyond the quantum computers. And there is no reason to think that any advance in computing capacity after Quantum Computing will take a long time. Check the second article, it is very interesting, the other two mostly refer to the use of the theoretical CTC, i posted them as examples.

    So if you want to make a coin that endures like another 10 or 20 years, maybe you have to take the CTC's or other unknown information processing technology in to account. You have no reason to think that Quantum computing is the end.

    To make the mining Quantum-resistant with Merkle-trees of Lamport signatures is very good, and scalable. But i wonder if the scalability will be transparent for the users or they will be in risk of losing their money during these technology leaps and will adapt with enough speed to tolerate imminent increase in processing power, that can be abrupt.