Here's a different way to think about it. Quantum will likely be able to break classical encryption within a defined period of time. If you have an encrypted message, it can see the encrypted text and attempt to break it using a probability curve with a language model to identify the outcome. But when it comes to Bitcoin, or any keypair, the private key cannot be derived from the public key, so you need a different target to focus on. Bitcoin's defence isn't just cryptography. It's probabilistic obscurity. What are you going after? Wallet addresses with valid (high) balances? Random, valid addresses? The problem is not how easily they will break encryption; it's how they will target which encrypted wallets to break. Key rotation is going to become more important as we move towards the quantum singularity. Quantum is useless without target selection. Target selection requires information. Bitcoin hides information by default until the precise moment of movement. After that, key hygiene determines who gets hurt.

Replies (7)

You can't decrypt with statistics. Reversing a hashing algorithm needs conditional bit flops. Or if you can somehow do it with statistics, it needs the conditional setting of registers, which means conditional bit flops.
If this is true then an attacker would need my xpub to decrypt? This is bullish in a way because it will force people not to use addresses twice or leak their xpub. Xpubs will become much more closely guarded data.
As far as I know, the issue is that you can derive the private key from the public key. The current Bitcoin solution to this is hashing the public key, because quantum computers are not that great at reversing hashes. Many Bitcoin address types are actually hashed public keys, so you only reveal your public key while spending your coins. Bitcoin best practice is using the same address only once per UTXO or per deposit, and when you spend this UTXO many modern wallets will also use a new Bitcoin address as the change address as well. So you only reveal your public key while spending the UTXO, and once you reveal the public key that address already becomes empty. So the only issue here is Lightning, because when you create a Lightning channel you also reveal your public key, but this time the revealed public key has access to the funds on the channel. I'm not sure if this is possible with Bitcoin's scripting, but one solution to this might be (without a new quantum address type) rotating the ownership of your side of the channel to a new address every time you interact with it.
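The exposure logic in the reply above (an address commits to a hash of the public key, the key is revealed only when the coins are spent, and reusing an address after that spend leaves funds behind an already-public key), as an added example that is not part of the thread. It is a toy ledger: `address_of` uses SHA256 in place of Bitcoin's HASH160 and Base58Check, the keys are constructed byte strings, and the `Ledger` class and `demo` function are this example's own.

```python
import hashlib
from dataclasses import dataclass, field

def address_of(pubkey: bytes) -> str:
    """Model of a hashed-pubkey address. Real P2PKH uses HASH160 (SHA256 then
    RIPEMD160) plus Base58Check; SHA256 alone is used here because RIPEMD160 is
    missing from some OpenSSL builds (a simplification). The property shown is
    the same: the address commits to the key without revealing it."""
    return hashlib.sha256(pubkey).hexdigest()[:40]

@dataclass
class Ledger:
    balance: dict = field(default_factory=dict)   # address -> coins held
    revealed: set = field(default_factory=set)    # addresses whose pubkey is on-chain

    def receive(self, addr: str, amount: int) -> None:
        self.balance[addr] = self.balance.get(addr, 0) + amount

    def spend(self, pubkey: bytes, amount: int, to_addr: str, change_addr: str) -> None:
        """Spend everything held at address_of(pubkey): `amount` to the payee,
        the remainder to change_addr. The spend carries the full public key,
        so the address is marked revealed from now on."""
        addr = address_of(pubkey)
        held = self.balance.get(addr, 0)
        if held < amount:
            raise ValueError("insufficient funds")
        self.revealed.add(addr)
        self.balance[addr] = 0
        self.receive(to_addr, amount)
        if held > amount:
            self.receive(change_addr, held - amount)

    def exposed(self) -> set:
        """Addresses that still hold coins although their pubkey is already
        public: the address-reuse case the reply warns about."""
        return {a for a in self.revealed if self.balance.get(a, 0) > 0}

def demo() -> set:
    # Constructed keys, not real curve points.
    a1, a2, b = b"\x02" + b"\x11" * 32, b"\x02" + b"\x22" * 32, b"\x03" + b"\x33" * 32
    led = Ledger()
    led.receive(address_of(a1), 100)
    # Good hygiene: the spend reveals a1, but change goes to a fresh key a2.
    led.spend(a1, 40, address_of(b), address_of(a2))
    # Address reuse: b is spent from (revealing it) and then receives again.
    led.spend(b, 40, address_of(a2), address_of(a2))
    led.receive(address_of(b), 10)
    return led.exposed()
```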