[SakiWatanabe]

It should say This is also why address reuse in Bitcoin is "discouraged" as to sign a transaction you need to reveal your public key. If you don't reuse an address after sending a transaction from the address, you don't need worry about the "public key" of that address being exposed

The reason being without revealing public key, with only the bitcoin address the attacker first need to guess the public key from the address, then guess the private key from there. So just breaking one of the hash algorithm or ecdsa algorithm is not enough to steal funds. at least that's in theory, in reality if either algorithm is broken we have a much bigger problem.

[placeybordeaux]

I was under the impression that ecdsa was potentially broken by quantum computers, but SHA-256 was not. Is that not the case?

[jamesmishra]

Yes, in theory. See https://en.wikipedia.org/wiki/Elliptic_curve_cryptography#Qu...

ECDSA is vulnerable to a modified version of Shor's quantum integer factorization algorithm. However, nobody on Earth is known to be close to producing such a computer. Adiabatic quantum computers like the ones produced by D-Wave are not known to be capable of running Shor's algorithm. See https://en.wikipedia.org/wiki/Adiabatic_quantum_computation

SHA-256 and hashing algorithms have no known quantum attack against them, but one could theoretically gain a sqrt(n) advantage in brute-force search using Grover's quantum search algorithm. https://en.wikipedia.org/wiki/Grover%27s_algorithm

[placeybordeaux]

Huh I knew that Grover's algorithm would yield speed ups in db searches, but apparently I didn't read the wikipedia article closely enough. It allows for inversion of any function in sqrt time!